PT-2024-28934 · Mediawiki · Mediawiki Checkuser Extension
Name of the Vulnerable Software and Affected Versions: MediaWiki CheckUser extension versions through 1.42.1. Description: An issue was discovered in the CheckUser extension for MediaWiki. The API can expose suppressed information for log events, as the log_deleted attribute is not applied to...
CVE-2024-40598
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. The log_deleted attribute is not applied to entries...
PT-2024-28933 · Mediawiki · Mediawiki Checkuser Extension
Name of the Vulnerable Software and Affected Versions: MediaWiki CheckUser extension versions through 1.42.1. Description: An issue was discovered in the CheckUser extension for MediaWiki. It can expose suppressed information for log events, as the log_deleted attribute is not respected...
PT-2024-28932 · Mediawiki · Mediawiki Checkuser Extension
Name of the Vulnerable Software and Affected Versions: MediaWiki CheckUser extension versions through 1.42.1. Description: The Special:Investigate feature can expose suppressed information for log events due to the TimelineService not supporting proper suppression. Recommendations: For versions...
CVE-2024-40597
The CVE-2024-40597 vulnerability affects the MediaWiki CheckUser extension up to version 1.42.1, where the log_deleted attribute is not respected, allowing exposure of suppressed log-event information. Impact: potential disclosure of sensitive log data (confidentiality is HIGH per CVSS). The issu...
CVE-2024-40596
CVE-2024-40596 affects MediaWiki’s CheckUser extension through version 1.42.1. The vulnerability arises in the Special:Investigate feature, which can expose suppressed information for log events because the TimelineService does not properly suppress it. Affected component: CheckUser extension (Me...
CVE-2024-40598
The CVE-2024-40598 issue affects the MediaWiki CheckUser extension (through version 1.42.1). The API can expose suppressed information for log events because the log_deleted attribute is not applied to entries, enabling unintended disclosure of deleted log data. Several sources (Red Hat, CNVD, OS...
A vulnerability in the CheckUser extension for the MediaWiki hypertext (wiki) software allows an attacker to carry out cross-site scripting attacks.
The vulnerability in the CheckUser extension for MediaWiki exists because measures to protect the structure of web pages are missing. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks through message definitions. For...
A vulnerability in the CheckUser extension for the MediaWiki hypertext (wiki) software allows an attacker to cause a denial of service.
The vulnerability in the CheckUser extension for MediaWiki relates to the rest.php/checkuser/v0/useragent-clienthints/revision/ URL, which can be used to store any number of rows in cu_useragent_clienthints. Exploiting this vulnerability could allow a maliciou...
BIT-MEDIAWIKI-2021-31553
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could...
BIT-MEDIAWIKI-2022-39193
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression...
BIT-MEDIAWIKI-2023-29139
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout)...
BIT-MEDIAWIKI-2023-37300
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users...
BIT-MEDIAWIKI-2023-37303
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...
BIT-MEDIAWIKI-2023-45367
An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragent_clienthints, leading to a...
BIT-MEDIAWIKI-2024-23172
An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions, e.g., in SpecialCheckUserLog...
CVE-2024-23172
An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions, e.g., in SpecialCheckUserLog...
CVE-2024-23172
CVE-2024-23172 affects MediaWiki’s CheckUser extension. Affected versions are: MediaWiki before 1.35.14; 1.36.x through 1.39.x before 1.39.6; and 1.40.x before 1.40.2. The root cause is an XSS in message definitions, e.g., in SpecialCheckUserLog. The vulnerability could enable a remote attacker to p...
PT-2024-2676 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.14; MediaWiki versions 1.36.x through 1.39.x before 1.39.6; MediaWiki versions 1.40.x before 1.40.2. Description: An issue in the CheckUser extension allows XSS to occur via message definitions, for example, in...