mediawiki/core Security Advisories for 1.32.0-rc.1 (13)
-
[HIGH] MediaWiki Denial of Service vulnerability
PKSA-wzph-c8jf-dsw9 CVE-2023-45363 GHSA-w5fx-cx7f-6vr9
Affected version: =1.40.0|>=1.36.0,<1.39.5|<1.35.12
Reported by:
GitHub -
[CRITICAL] X-Forwarded-For header allows brute-forcing autoblocked IP addresses
PKSA-sywz-vkhh-67ff CVE-2023-29141 GHSA-5vj8-g3qg-4qh6
Affected version: <1.35.10|>=1.38.0,<1.38.6|>=1.39.0,<1.39.3
Reported by:
GitHub -
[MEDIUM] MediaWiki allows a denial of service
PKSA-qcmj-k84v-rjky CVE-2021-41800 GHSA-c8wv-qwwc-6j73
Affected version: <1.36.2
Reported by:
GitHub -
[MEDIUM] img_auth.php may leak private extension images into the public cache
PKSA-ddy8-wbbj-hqfh CVE-2020-15005 GHSA-xpv7-93cm-4mxv
Affected version: >=1.34.0,<1.34.2|>=1.32.0,<1.33.4|<1.31.8
Reported by:
GitHub -
[MEDIUM] Possible to circumvent title-blacklist
PKSA-cs63-3stv-1jvc CVE-2019-19709 GHSA-pjv5-vv93-p648
Affected version: >=1.31.0,<1.31.6|>=1.32.0,<1.32.6|>=1.33.0,<1.33.2|>=1.33.99,<1.34.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Exposed suppressed username via Special:Redirect
PKSA-2hm2-kzrp-dy4t CVE-2019-16738 GHSA-7hwr-f745-5rwq
Affected version: >=1.31.0,<1.31.4|>=1.32.0,<1.32.4|>=1.33.0,<1.33.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Exposed suppressed log in RevisionDelete page
PKSA-jpp4-6j25-9ryr CVE-2019-12470 GHSA-733q-m38x-q7cc
Affected version: >=1.27.0,<1.27.6|>=1.30.0,<1.30.2|>=1.31.0,<1.31.2|>=1.32.0,<1.32.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] API responses for unpatrolled or (not) autopatrolled recent changes require privileges but may be cached publicly
PKSA-fksz-ptgz-3jth CVE-2019-12474 GHSA-2qrr-c2gh-pr35
Affected version: >=1.27.0,<1.27.6|>=1.30.0,<1.30.2|>=1.31.0,<1.31.2|>=1.32.0,<1.32.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Forbid blocking IP ranges as big as /1 and /2, as done on ruwikiquote using the API
PKSA-2rqt-w99v-qcks CVE-2019-12472 GHSA-7mqg-5fgh-xh4r
Affected version: >=1.27.0,<1.27.6|>=1.30.0,<1.30.2|>=1.31.0,<1.31.2|>=1.32.0,<1.32.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Exposed suppressed username or log in Special:EditTags
PKSA-92kc-wmpx-tswg CVE-2019-12469 GHSA-x3fr-w7r5-x7rg
Affected version: >=1.27.0,<1.27.6|>=1.30.0,<1.30.2|>=1.31.0,<1.31.2|>=1.32.0,<1.32.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[CRITICAL] Direct POST to Special:ChangeEmail will bypass reauth check
PKSA-kgmc-xj3p-ddfr CVE-2019-12468 GHSA-wrhx-3pxr-6vgg
Affected version: >=1.27.0,<1.27.6|>=1.30.0,<1.30.2|>=1.31.0,<1.31.2|>=1.32.0,<1.32.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Need to make a limit of count of attempts to change email address
PKSA-79fc-46xz-1c8z CVE-2019-12467 GHSA-6vfg-8ppv-h5hg
Affected version: >=1.27.0,<1.27.6|>=1.30.0,<1.30.2|>=1.31.0,<1.31.2|>=1.32.0,<1.32.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Use token when logging out
PKSA-kb8d-c7hc-dy3v CVE-2019-12466 GHSA-27fw-r78j-h898
Affected version: >=1.27.0,<1.27.6|>=1.30.0,<1.30.2|>=1.31.0,<1.31.2|>=1.32.0,<1.32.2|>=1.32.99,<1.33.0
Reported by:
GitHub, FriendsOfPHP/security-advisories