154 matches found
Unspecified Vulnerability in MediaWiki (CNVD-2021-38686)
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. The product can be used to deploy in-house knowledge management and content management systems. centralAuth is one of the extensions that supports shared global...
MediaWiki Code Problem Vulnerability
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. The product can be used to deploy in-house knowledge management and content management systems. centralAuth is one of the extensions that supports shared global...
MediaWiki Information Disclosure Vulnerability (CNVD-2020-58048)
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. The product can be used to deploy in-house knowledge management and content management systems. centralAuth is one of the extensions that supports shared global...
UBUNTU-CVE-2020-25827
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster such as via CentralAuth, rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across...
CVE-2020-25827
MediaWiki CVE-2020-25827 affects the OATHAuth extension. The issue occurs when Wikis run OATHAuth on a farm/cluster (e.g., CentralAuth) where token rate limiting is enforced only at a single site level; this enables issuing multiple OATH token requests across many wikis/sites concurrently. Affect...
PT-2020-6813 · Oathauth +3 · Oathauth +3
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.31.10 MediaWiki versions 1.32.x through 1.34.x before 1.34.4 Description: The issue is related to insufficient restriction of authentication attempts in the OATHAuth extension for MediaWiki. This can be exploited...
MediaWiki CentralAuth Information Disclosure Vulnerability
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. The product can be used to deploy in-house knowledge management and content management systems. centralAuth is one of the extensions that supports shared global...
CVE-2020-12051
The CentralAuth extension through REL134 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied wh...
CVE-2020-12051
The CentralAuth extension through REL134 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied wh...
Cross site request forgery (csrf)
The CentralAuth extension through REL134 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied wh...
CVE-2020-12051
The CentralAuth extension through REL134 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied wh...
CVE-2020-12051
The CVE-2020-12051 issue affects the MediaWiki CentralAuth extension (REL1_34 and earlier) where remote attackers can query api.php?action=query&meta=globaluserinfo&guiuser= to obtain sensitive hidden account information. The vulnerability is described across multiple sources (NVD, Red Hat, OSV, ...
CVE-2013-6455
The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page...
Design/Logic Flaw
The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page...
CVE-2013-6455
CVE-2013-6455 affects the CentralAuth extension for MediaWiki. The vulnerability allows remote attackers to obtain usernames by manipulating the DOM on a page. Affected versions are MediaWiki with CentralAuth before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1. The issue stems from writi...
CVE-2013-6455
The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page...
Low: Red Hat Security Advisory: OpenShift Container Platform 3.9 mediawiki123 security update
An update for mediawiki123 is now available for Red Hat OpenShift Container Platform 3.9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
mediawiki: BotPassword can bypass CentralAuth's account lock
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...
Low: Red Hat Security Advisory: OpenShift Container Platform 3.10 mediawiki security update
An update for mediawiki is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
mediawiki: BotPassword can bypass CentralAuth's account lock
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...