CVE-2019-19709Open Redirect in Core

CWE-601Open Redirect5 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 45.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
MediawikiMediawiki CoreDebian Mediawiki+1 more
Timeline
PublishedDec 11
Latest updateMay 24

Description

MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

Packagistmediawiki/core1.31.01.31.6+3
debiandebian/mediawiki< mediawiki 1:1.31.6-1 (bookworm)
Debianmediawiki/mediawiki< 1:1.31.6-1+3

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

3
GHSA
Possible to circumvent title-blacklist2022-05-24
OSV
Possible to circumvent title-blacklist2022-05-24
OSV
CVE-2019-19709: MediaWiki through 12019-12-11

📋Vendor Advisories

1
Debian
CVE-2019-19709: mediawiki - MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protecti...2019
CVE-2019-19709 — Open Redirect in Mediawiki Core | cvebase