Search for packages
| purl | pkg:deb/debian/mediawiki@1:1.31.2-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1697-p35n-fber | Wikimedia MediaWiki allows CSRF Wikimedia MediaWiki through 1.32.1 allows CSRF in logout feature. |
CVE-2019-12466
GHSA-27fw-r78j-h898 |
| VCID-1866-gt2g-1qfv | MediaWiki Incorrect Access Control vulnerability MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
CVE-2019-12469
GHSA-x3fr-w7r5-x7rg |
| VCID-3s9f-prpy-hbcx | Cross-site Scripting The jQuery library, which is included in rdoc, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype.` |
CVE-2019-11358
GHSA-6c3j-c64m-qhgq |
| VCID-bbef-akjp-a3gp | Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
CVE-2019-12473
GHSA-33xw-x3pr-rvqj |
| VCID-gma6-b9cy-kqee | MediaWiki Incorrect Access Control vulnerability MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
CVE-2019-12467
GHSA-6vfg-8ppv-h5hg |
| VCID-kjp3-cs2f-t7b4 | MediaWiki Cross-site Scripting (XSS) Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
CVE-2019-12471
GHSA-2rm7-xxx8-35jh |
| VCID-qmx3-kcnd-zuhe | Wikimedia MediaWiki Incorrect Access Control vulnerability An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. |
CVE-2019-12468
GHSA-wrhx-3pxr-6vgg |
| VCID-tq2e-c9ym-a3hj | Wikimedia information leak vulnerability Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
CVE-2019-12474
GHSA-2qrr-c2gh-pr35 |
| VCID-u2xc-ztge-p3bv | MediaWiki Incorrect Access Control vulnerability An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
CVE-2019-12472
GHSA-7mqg-5fgh-xh4r |
| VCID-yr8d-347g-pugg | Wikimedia MediaWik exposed suppressed log in RevisionDelete page Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
CVE-2019-12470
GHSA-733q-m38x-q7cc |