Design/Logic Flaw
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value MaxNameChars...
Design/Logic Flaw
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented...
Design/Logic Flaw
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts which are supposed to be completely...
CVE-2021-36125
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value MaxNameChars...
CVE-2021-36125
CVE-2021-36125 affects MediaWiki’s CentralAuth extension (up to 1.36). The GlobalRenameRequest page is vulnerable to infinite loops/DoS when a user’s username exceeds a configured max (MaxNameChars). PT-2021-6527 provides concrete fixes: upgrade MediaWiki 1.36.x to 1.36.1 or later (also applies t...
CVE-2021-36127
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts which are supposed to be completely...
CVE-2021-36127
CVE-2021-36127 applies to MediaWiki’s CentralAuth extension (through 1.36). The issue: on Special:GlobalUserRights, search results for a suppressed (blocked) user differed from other users, enabling disclosure of suppressed accounts that should be hidden. Affected components include MediaWiki cor...
CVE-2021-36128
The CVE-2021-36128 entry concerns the MediaWiki CentralAuth extension (up to version 1.36) with autoblocks for CentralAuth-issued suppression blocks not being implemented correctly. This is the concrete detail provided across multiple connected sources. The impact is described in the description ...
CVE-2021-36128
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented...
MediaWiki Security Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. MediaWiki 1.36 suffers from a security vulnerability that stems from an issue discovered in the CentralAut...
MediaWiki Authorization Issue Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in the CentralAuth extension for MediaWiki prior to 1.36, which stems from...
PT-2021-21122 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 Description: An issue was discovered in the CentralAuth extension. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an...
PT-2021-21124 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 Description: An issue was discovered in the CentralAuth extension where the Special:GlobalUserRights page provided different search results for a suppressed MediaWiki user compared to other users, thus easily...
PT-2021-21125 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.36 Description: An issue was discovered in the CentralAuth extension. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented. Recommendations: For MediaWiki versions prior to 1.36,...
A vulnerability in MediaWiki, software for implementing a hypertext environment, related to deficiencies in the authentication process, allows an attacker to circumvent the account lockout implemented by CentralAuth.
This vulnerability in MediaWiki, software for implementing a hypertext environment, is related to deficiencies in the authentication process. Exploiting it could allow a remote attacker to circumvent the lockout mechanism for the CentralAuth account...
Unspecified Vulnerability in MediaWiki (CNVD-2021-38686)
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. The product can be used to deploy in-house knowledge management and content management systems. CentralAuth is one of the extensions that supports shared global...
MediaWiki Code Problem Vulnerability
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. The product can be used to deploy in-house knowledge management and content management systems. CentralAuth is one of the extensions that supports shared global...
MediaWiki Information Disclosure Vulnerability (CNVD-2020-58048)
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. The product can be used to deploy in-house knowledge management and content management systems. CentralAuth is one of the extensions that supports shared global...
UBUNTU-CVE-2020-25827
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster such as via CentralAuth, rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across...
CVE-2020-25827
MediaWiki CVE-2020-25827 affects the OATHAuth extension. The issue occurs when Wikis run OATHAuth on a farm/cluster (e.g., CentralAuth) where token rate limiting is enforced only at a single site level; this enables issuing multiple OATH token requests across many wikis/sites concurrently. Affect...