8 matches found
MGASA-2023-0241 Updated mediawiki packages fix security vulnerability
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many...
MGASA-2022-0145 Updated mediawiki packages fix security vulnerability
Title::newMainPage goes into an infinite recursion loop if it points to a local interwiki CVE-2022-28201. Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete CVE-2022-28202. Requesting Special:NewFiles on a wiki with many file uploads with acto...
MGASA-2021-0477 Updated mediawiki packages fix security vulnerability
XSS vulnerability in Special:Search. CVE-2021-41798 ApiQueryBacklinks can cause a full table scan. CVE-2021-41799 Fix PoolCounter protection of Special:Contributions. CVE-2021-41800 ReplaceText continues performing actions if the user no longer has the correct permission such as by being blocked...
MGASA-2018-0433 Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: '$wgRateLimits' entry for 'user' overrides 'newbie' CVE-2018-0503. When a log event is partially hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information CVE-2018-0504. BotPasswords can bypass CentralAuth's...
Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: '$wgRateLimits' entry for 'user' overrides 'newbie' CVE-2018-0503. When a log event is partially hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information CVE-2018-0504. BotPasswords can bypass CentralAuth's...
MGASA-2017-0110 Updated mediawiki packages fix security vulnerability
API parameters may now be marked as "sensitive" to keep their values out of the logs CVE-2017-0361. "Mark all pages visited" on the watchlist now requires a CSRF token CVE-2017-0362. Special:UserLogin and Special:Search allow redirect to interwiki links CVE-2017-0363, CVE-2017-0364. XSS in...
Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.11, the API failed to correctly stop adding new chunks to the upload when the reported size was exceeded, allowing a malicious user to upload add an infinite number of chunks for a single file upload CVE-2015-8001. ...
MGASA-2014-0197 Updated mediawiki packages fix security vulnerability
Updated mediawiki packages fix security vulnerability: XSS vulnerability in MediaWiki before 1.22.6, where if the default sort key is set to a string containing a script, the script will be executed when the page is viewed using the info action CVE-2014-2853...