33 matches found
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : MediaWiki vulnerabilities (USN-8315-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8315-1 advisory. It was discovered that MediaWiki incorrectly handled group membership visibility in the OATHAuth extension. An authenticated...
CVE-2026-34087 Users API leaks whether privileged users have their user groups disabled for lack of 2FA
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from before 1.43.7, 1.44.4, 1.45.2...
CVE-2026-34087
CVE-2026-34087 affects Wikimedia Foundation OATHAuth. The connected documents confirm the issue is an exposure of sensitive information to an unauthorized actor, with affected OATHAuth versions listed as before 1.43.7, 1.44.4, 1.45.2. The exploitation status is not provided in the sources. There ...
CVE-2026-34087 Users API leaks whether privileged users have their user groups disabled for lack of 2FA
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from before 1.43.7, 1.44.4, 1.45.2...
Wikimedia OATHAuth Information Disclosure Vulnerability
Wikimedia OATHAuth is a dual authentication extension developed by the Wikimedia Foundation. Versions of Wikimedia OATHAuth prior to 1.43.7, as well as 1.44.4 and 1.45.2, contained a vulnerability that led to the exposure of sensitive information to unauthorized attackers...
PT-2026-33201
Name of the Vulnerable Software and Affected Versions: OATHAuth versions prior to 1.43.7; OATHAuth versions prior to 1.44.4; OATHAuth versions prior to 1.45.2. Description: An issue in Wikimedia Foundation OATHAuth allows the exposure of sensitive information to an unauthorized actor. Recommendations...
CVE-2025-11173
Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. This issue affects OATHAuth: from before 1.39.14, 1.43.4, 1.44.1...
UBUNTU-CVE-2025-11173
Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. This issue affects OATHAuth: from before 1.39.14, 1.43.4, 1.44.1...
CVE-2025-11173 Reauth for enabling 2FA can be bypassed by submitting a form
Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. This issue affects OATHAuth: from before 1.39.14, 1.43.4, 1.44.1...
CVE-2025-11173
Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. This issue affects OATHAuth: from before 1.39.14, 1.43.4, 1.44.1...
EUVD-2025-206638
Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. This issue affects OATHAuth: from before 1.39.14, 1.43.4, 1.44.1...
CVE-2025-11173 Reauth for enabling 2FA can be bypassed by submitting a form
Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. This issue affects OATHAuth: from before 1.39.14, 1.43.4, 1.44.1...
CVE-2025-11173
CVE-2025-11173 affects Wikimedia Foundation OATHAuth via the file src/Special/OATHManage.Php. The issue impacts OATHAuth versions before 1.39.14, 1.43.4, and 1.44.1. Debian advisories (DSA-6085-1) indicate fixes are available: oldstable (bookworm) upgrades to 1:1.39.17-1~deb12u1, stable (trixie) ...
MGASA-2025-0260 Updated mediawiki packages fix security vulnerabilities
i18n XSS vulnerability in HTMLMultiSelectField when sections are used. CVE-2025-3469 "reupload-own" restriction can be bypassed by reverting file. CVE-2025-32696 Cascading protection is not preventing file reversions. CVE-2025-32697 LogPager.php: Restriction enforcer functions do not correctly...
EUVD-2022-5220
Malicious code in bioql PyPI...
BIT-MEDIAWIKI-2020-25827
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster such as via CentralAuth, rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across...
Updated mediawiki packages fix security vulnerability
Bundled PapaParse copy in VisualEditor has known ReDos CVE-2020-36649. An issue was discovered in MediaWiki before 1.35.9. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These fil...
MediaWiki < 1.35.10, 1.36.x < 1.38.6, 1.39.x < 1.39.3 Multiple Vulnerabilities - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
A vulnerability in the OATHAuth extension of MediaWiki, a software platform for implementing a hypertext environment, allows an attacker to circumvent existing security restrictions through brute-force attacks.
The vulnerability in the OATHAuth extension of MediaWiki, a software platform for implementing a hypertext environment, stems from insufficient restrictions on authentication attempts. Exploiting this vulnerability could allow a malicious actor to circumvent existing security measures through...
GHSA-RQVJ-FC2X-99Q6 OATHAuth extension in MediaWiki is not implementing rate limit
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. For Wikis using OATHAuth on a farm/cluster such as via CentralAuth, rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across ma...