3 matches found
BIT-MEDIAWIKI-2021-36129
An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata...
PT-2021-21122 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 Description: An issue was discovered in the CentralAuth extension. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an...
PT-2021-21124 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 Description: An issue was discovered in the CentralAuth extension where the Special:GlobalUserRights page provided different search results for a suppressed MediaWiki user compared to other users, thus easily...