[FREEBSD:3C5A4FE0-9EBB-11E9-9169-FCAA147E860E] mediawiki -- multiple vulnerabilities
Severity: Critical
Affected Packages: 2
CVEs: 10
MediaWiki reports:
Security fixes:
- T197279, CVE-2019-12468: Directly POSTing to Special:ChangeEmail would allow for bypassing reauthentication, allowing for potential account takeover.
- T204729, CVE-2019-12473: Passing invalid titles to the API could cause a DoS by querying the entire `watchlist` table.
- T207603, CVE-2019-12471: Loading user JavaScript from a non-existent account allows anyone to create the account, and XSS the users loading that script.
- T208881: blacklist CSS var().
- T199540, CVE-2019-12472: It is possible to bypass the limits on IP range blocks (`$wgBlockCIDRLimit`) by using the API.
- T212118, CVE-2019-12474: Privileged API responses that include whether a recent change has been patrolled may be cached publicly.
- T209794, CVE-2019-12467: A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them.
- T25227, CVE-2019-12466: An account can be logged out without using a token (CSRF).
- T222036, CVE-2019-12469: Exposed suppressed username or log in Special:EditTags.
- T222038, CVE-2019-12470: Exposed suppressed log in RevisionDelete page.
- T221739, CVE-2019-11358: Fix potential XSS in jQuery.
Package | Affected Version |
---|---|
pkg:freebsd/mediawiki132 | < 1.32.3 |
pkg:freebsd/mediawiki131 | < 1.31.3 |
- ID: FREEBSD:3C5A4FE0-9EBB-11E9-9169-FCAA147E860E
- Severity: critical
- Severity from: CVE-2019-12468
- URL: http://vuxml.freebsd.org/freebsd/3c5a4fe0-9ebb-11e9-9169-fcaa147e860e.html
- Published: 2019-04-23T00:00:00
- Modified: 2019-07-05T00:00:00
- Rights: FreeBSD VuXML Security Team
- Other Advisories:
- ALAS2-2020-1519
- ALAS2-2023-1905
- ALPINE:CVE-2019-11358
- ALSA-2020:4670
- ALSA-2020:4847
- ASA-201906-2
- DSA-4434-1
- DSA-4460-1
- ELSA-2020-3936
- ELSA-2022-7343
- FEDORA-2019-040857fd75
- FEDORA-2019-1a3edd7e8a
- FEDORA-2019-2a0ce0c58c
- FEDORA-2019-41d6ffd6f0
- FEDORA-2019-5f1a2cc839
- FEDORA-2019-7eaf0bbe7c
- FEDORA-2019-84a50e34a9
- FEDORA-2019-a06dffab1c
- FEDORA-2019-eba8e44ee6
- FEDORA-2019-f563e66380
- FREEBSD:FFC73E87-87F0-11E9-AD56-FCAA147E860E
- MAVEN:GHSA-6C3J-C64M-QHGQ
- NPM:GHSA-6C3J-C64M-QHGQ
- openSUSE-SU-2019:1839-1
- openSUSE-SU-2019:1872-1
- PHP:MEDIAWIKI-CORE-2019-12466
- PHP:MEDIAWIKI-CORE-2019-12467
- PHP:MEDIAWIKI-CORE-2019-12468
- PHP:MEDIAWIKI-CORE-2019-12469
- PHP:MEDIAWIKI-CORE-2019-12470
- PHP:MEDIAWIKI-CORE-2019-12471
- PHP:MEDIAWIKI-CORE-2019-12472
- PHP:MEDIAWIKI-CORE-2019-12473
- PHP:MEDIAWIKI-CORE-2019-12474
- RHSA-2020:3936
- RHSA-2020:4670
- RHSA-2020:4847
- RHSA-2021:4142
- RHSA-2022:7343
- RLSA-2020:4670
- RLSA-2020:4847
- RUBYSEC:JQUERY-RAILS-2019-11358
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | | | https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-June/000230.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/mediawiki132 | | mediawiki132 | < 1.32.3 | | | |
Affected | pkg:freebsd/mediawiki131 | | mediawiki131 | < 1.31.3 | | | |