153 matches found
RHEL 7 : OpenShift Container Platform 3.11 mediawiki (RHSA-2019:3142)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3142 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Fedora 29 : mediawiki (2018-f4b65fc7cd)
https://www.mediawiki.org/wiki/Releasenotes/1.29MediaWiki1.29.3 - T169545, CVE-2018-0503 SECURITY: $wgRateLimits entry for 'user' overrides 'newbie'. - T194605, CVE-2018-0505 SECURITY: BotPasswords can bypass CentralAuth's account lock. - T180551 Fix LanguageSrTest for language converter - T18055...
Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: '$wgRateLimits' entry for 'user' overrides 'newbie' CVE-2018-0503. When a log event is partially hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information CVE-2018-0504. BotPasswords can bypass CentralAuth's...
MGASA-2018-0433 Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: '$wgRateLimits' entry for 'user' overrides 'newbie' CVE-2018-0503. When a log event is partially hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information CVE-2018-0504. BotPasswords can bypass CentralAuth's...
MediaWiki Multiple Vulnerabilities (Sep 2018) - Linux
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; if...
UBUNTU-CVE-2018-0505
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...
DEBIAN-CVE-2018-0505
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...
Design/Logic Flaw
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...
CVE-2018-0505
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...
CVE-2018-0505
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...
CVE-2018-0505
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...
CVE-2018-0505 BotPasswords can bypass CentralAuth's account lock
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...
CVE-2018-0505
MediaWiki prior to versions 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains CVE-2018-0505: BotPasswords can bypass CentralAuth’s account lock. The issue enables bypassing access restrictions. Vendors/maintainers document upstream fix in 1.31.1; Arch Fedora advisories confirm upgrade to 1.31.1-1 is the...
CVE-2018-0505
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...
BotPassword can bypass CentralAuth's account lock
More info at https://phabricator.wikimedia.org/T194605...
CVE-2012-5395
Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauthSession cookie...
Session fixation
Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauthSession cookie...
CVE-2012-5395
Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauthSession cookie...
CVE-2012-5395
CVE-2012-5395 affects MediaWiki with the CentralAuth extension; vulnerable centralauth_Session cookie handling allows remote attackers to hijack sessions. Affected versions are MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1. Root cause is session fixation via CentralAuth,...
MediaWiki < 1.19.10 / 1.21.4 / 1.22.1 Multiple Vulnerabilities
According to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities : - Escape sequences are not properly sanitized when passed to the 'Sanitizer::checkCss' class, which allows a remote attacker to conduct cross-site scripting attacks...