[FREEBSD:3C5A4FE0-9EBB-11E9-9169-FCAA147E860E] mediawiki -- multiple vulnerabilities
Severity
Critical
Affected Packages
2
CVEs
10
Mediawiki reports:
Security fixes:
T197279, CVE-2019-12468: Directly POSTing to Special:ChangeEmail would allow
for bypassing reauthentication, allowing for potential account takeover.
T204729, CVE-2019-12473: Passing invalid titles to the API could cause a DoS
by querying the entire `watchlist` table.
T207603, CVE-2019-12471: Loading user JavaScript from a non-existent account
allows anyone to create the account, and XSS the users' loading that script.
T208881: blacklist CSS var().
T199540, CVE-2019-12472: It is possible to bypass the limits on IP range
blocks (`$wgBlockCIDRLimit`) by using the API.
T212118, CVE-2019-12474: Privileged API responses that include whether a
recent change has been patrolled may be cached publicly.
T209794, CVE-2019-12467: A spammer can use Special:ChangeEmail to send out
spam with no rate limiting or ability to block them.
T25227, CVE-2019-12466: An account can be logged out without using a token(CRRF)
T222036, CVE-2019-12469: Exposed suppressed username or log in Special:EditTags.
T222038, CVE-2019-12470: Exposed suppressed log in RevisionDelete page.
T221739, CVE-2019-11358: Fix potential XSS in jQuery.
| Package | Affected Version |
|---|---|
 pkg:freebsd/mediawiki132
|
< 1.32.3 |
|
pkg:freebsd/mediawiki131
|
< 1.31.3 |
- ID
- FREEBSD:3C5A4FE0-9EBB-11E9-9169-FCAA147E860E
- Severity
- critical
- Severity from
- CVE-2019-12468
- URL
- http://vuxml.freebsd.org/freebsd/3c5a4fe0-9ebb-11e9-9169-fcaa147e860e.html
- Published
-
2019-04-23T00:00:00
(5 years ago) - Modified
-
2019-07-05T00:00:00
(5 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
-
ALAS2-2020-1519
-
ALAS2-2023-1905
-
ALPINE:CVE-2019-11358
-
ALSA-2020:4670
-
ALSA-2020:4847
-
ASA-201906-2
-
DSA-4434-1
-
DSA-4460-1
-
ELSA-2020-3936
-
ELSA-2022-7343
-
FEDORA-2019-040857fd75
-
FEDORA-2019-1a3edd7e8a
-
FEDORA-2019-2a0ce0c58c
-
FEDORA-2019-41d6ffd6f0
-
FEDORA-2019-5f1a2cc839
-
FEDORA-2019-7eaf0bbe7c
-
FEDORA-2019-84a50e34a9
-
FEDORA-2019-a06dffab1c
-
FEDORA-2019-eba8e44ee6
-
FEDORA-2019-f563e66380
-
FREEBSD:FFC73E87-87F0-11E9-AD56-FCAA147E860E
-
MAVEN:GHSA-6C3J-C64M-QHGQ
-
NPM:GHSA-6C3J-C64M-QHGQ
-
openSUSE-SU-2019:1839-1
-
openSUSE-SU-2019:1872-1
-
PHP:MEDIAWIKI-CORE-2019-12466
-
PHP:MEDIAWIKI-CORE-2019-12467
-
PHP:MEDIAWIKI-CORE-2019-12468
-
PHP:MEDIAWIKI-CORE-2019-12469
-
PHP:MEDIAWIKI-CORE-2019-12470
-
PHP:MEDIAWIKI-CORE-2019-12471
-
PHP:MEDIAWIKI-CORE-2019-12472
-
PHP:MEDIAWIKI-CORE-2019-12473
-
PHP:MEDIAWIKI-CORE-2019-12474
-
RHSA-2020:3936
-
RHSA-2020:4670
-
RHSA-2020:4847
-
RHSA-2021:4142
-
RHSA-2022:7343
-
RLSA-2020:4670
-
RLSA-2020:4847
-
RUBYSEC:JQUERY-RAILS-2019-11358
-
| Source | # ID | Name | URL |
|---|---|---|---|
| FreeBSD VuXML |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:freebsd/mediawiki132 |
mediawiki132
|
< 1.32.3 | ||||
| Affected | pkg:freebsd/mediawiki131 |
mediawiki131
|
< 1.31.3 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |