Improper Authentication

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Improper Authentication via the AuthManager proces...

CVE-2025-6597 MediaWiki should not consider autocreation as login for the purposes of security reauthentication

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects MediaWiki: from before 1.39.13, 1.42.7, 1.43.2, 1.44.0...

CVE-2025-6597

CVE-2025-6597 affects Wikimedia Foundation MediaWiki, specifically the authentication management component in includes/auth/AuthManager.Php. The vulnerability is listed for MediaWiki versions before 1.39.13, 1.42.7, 1.43.2, and 1.44.0. Red Hat notes a weakness in how authentication is handled; De...

CVE-2025-6597 MediaWiki should not consider autocreation as login for the purposes of security reauthentication

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects MediaWiki: from before 1.39.13, 1.42.7, 1.43.2, 1.44.0...

UBUNTU-CVE-2013-4572

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user...