MediaWiki Multiple Vulnerabilities (Aug 2016) - Windows

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; if...

CVE-2016-6331

ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php...

CVE-2016-6331

CVE-2016-6331 affects MediaWiki where ApiParse in versions prior to 1.23.15, 1.26.x prior to 1.26.4, and 1.27.x prior to 1.27.1 allows remote attackers to bypass per-title read restrictions via a parse action to api.php. The issue enables partial confidentiality impact (per CVSS metrics: CVSSv3.0...

Fedora Update for mediawiki FEDORA-2016-9299ce1c7d

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 25 : mediawiki (2016-9299ce1c7d)

https://www.mediawiki.org/wiki/MediaWiki1.27 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Updated mediawiki packages fix security vulnerability

Check read permission when loading page content in ApiParse CVE-2016-6331 Make blocks log users out if $wgBlockDisablesLogin is true CVE-2016-6332 Make $wgBlockDisablesLogin also restrict logged in permissions CVE-2016-6332 Require login to preview user CSS pages CVE-2016-6333 Escape '' in inline...

Fedora Update for mediawiki FEDORA-2016-ce1678471e

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 23 : mediawiki (2016-ce1678471e)

https://www.mediawiki.org/wiki/Releasenotes/1.26MediaWiki1.26.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

Fedora 24 : mediawiki (2016-af3b0af887)

https://www.mediawiki.org/wiki/Releasenotes/1.26MediaWiki1.26.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

MediaWiki 1.23.x < 1.23.15 / 1.26.x < 1.26.4 / 1.27.x < 1.27.1 Multiple Vulnerabilities

According to its version number, the MediaWiki application running on the remote web server is 1.23.x prior to 1.23.15, 1.26.x prior to 1.26.4, or 1.27.x prior to 1.27.1. It is, therefore, affected by the following vulnerabilities : - An information disclosure vulnerability exists in the...

mediawiki: multiple issues

CVE-2016-6331 permission bypass Check read permission when loading page content in ApiParse. Prevents leaking page contents for extensions that deny read rights to certain pages via a userCan hook, but still allow the user to have read rights in general. - CVE-2016-6332 permission bypass Make...