1. Home
  2. Security Advisories
  3. Fedora
  4. FEDORA-2021-d298103d3a

[FEDORA-2021-d298103d3a] Fedora 34: mediawiki

Severity Medium
Affected Packages 1
CVEs 7
Info Packages References Vulnerabilities

https://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000272.html

Package Affected Version
pkg:rpm/fedora/mediawiki?distro=fedora-34 < 1.35.2.1.fc34
ID
FEDORA-2021-d298103d3a
Severity
medium
Severity from
CVE-2021-30154
URL
https://bodhi.fedoraproject.org/updates/FEDORA-2021-d298103d3a
Published
2021-04-24T20:24:48
(3 years ago)
Modified
2021-04-24T20:24:48
(3 years ago)
Rights
Copyright 2021 Red Hat, Inc.
Other Advisories
Source # ID Name URL
Bugzilla 1948642 Bug #1948642 - CVE-2021-30155 mediawiki: ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1948642
Bugzilla 1948644 Bug #1948644 - CVE-2021-30156 mediawiki: Special:Contributions toolbar reveals existence of hidden users [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1948644
Bugzilla 1947660 Bug #1947660 - mediawiki-1.35.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1947660
Bugzilla 1946691 Bug #1946691 - CVE-2021-30154 mediawiki: XSS due to unescaped messages used in HTML on Special:NewFiles [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1946691
Bugzilla 1948639 Bug #1948639 - CVE-2021-30159 mediawiki: users can bypass intended restrictions on deleting pages in certain "fast double move" situations [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1948639
Bugzilla 1946693 Bug #1946693 - CVE-2021-30157 mediawiki: XSS due to unescaped messages used in HTML on ChangesList pages [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1946693
Bugzilla 1948637 Bug #1948637 - CVE-2021-30152 mediawiki: action=protect lets users with 'protect' permission protect to higher protection level [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1948637
Bugzilla 1946699 Bug #1946699 - CVE-2021-30158 mediawiki: blocked users are unable to use Special:ResetTokens [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1946699
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/fedora/mediawiki?distro=fedora-34 fedora mediawiki < 1.35.2.1.fc34 fedora-34
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date