Debian Mediawiki vulnerabilities

CVE-2022-31042 [HIGH] CVE-2022-31042: guzzle - Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` head... Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward the `

CVE-2022-41765 [MEDIUM] CVE-2022-41765: mediawiki - An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.3... An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users. Scope: local bookworm: resolved (fixed in 1:1.35.8-1) bullseye: resolved (fixed in 1:1.35.8-1~deb11u1) forky: resolved (fixed in 1:1.35.8-1) sid: resolved (fixed in 1:1.35.8-1) trixie: resolved (f

CVE-2022-34912 [MEDIUM] CVE-2022-34912: mediawiki - An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The... An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped. Scope: local bookworm: resolved (fixed in 1:1.35.7-1) bullseye: resolved (fixed in 1:1.35.8

CVE-2022-47927 [MEDIUM] CVE-2022-47927: mediawiki - An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before... An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data. Scope: local bookworm: resolved (fixed in 1:1.

CVE-2022-28202 [MEDIUM] CVE-2022-28202: mediawiki - An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, an... An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. Scope: local bookworm: resolved (fixed in 1:1.35.6-1) bullseye: resolved (fixed in 1:1.35.8-1~deb11u1) forky: resolved (fixed

CVE-2022-41767 [MEDIUM] CVE-2022-41767: mediawiki - An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.3... An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup. Scope: local bookworm: resolved (fixed in 1:1.35.8-1) bulls

CVE-2022-28201 [MEDIUM] CVE-2022-28201: mediawiki - An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.... An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message. Scope: local bookworm: resolved (fixed in 1:1.35.6-1) bullseye: resolved (fixed in 1:1.35.8-1~deb11u1) forky: resolved (f

CVE-2022-34911 [MEDIUM] CVE-2022-34911: mediawiki - An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.3... An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showS

CVE-2022-28204 [HIGH] CVE-2022-28204: mediawiki - A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rend... A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2022-41766 [MEDIUM] CVE-2022-41766: mediawiki - An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.3... An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed). Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2021-27291 [HIGH] CVE-2021-27291: mediawiki - In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages... In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. Scope: local bookworm: resolved (fixed in 1:1.35.2-1) bullseye: res

CVE-2021-20270 [HIGH] CVE-2021-20270: mediawiki - An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denia... An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. Scope: local bookworm: resolved (fixed in 1:1.35.2-1) bullseye: resolved (fixed in 1:1.35.2-1) forky: resolved (fixed in 1:1.35.2-1)

CVE-2021-41799 [HIGH] CVE-2021-41799: mediawiki - MediaWiki before 1.36.2 allows a denial of service (resource consumption because... MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan. Scope: local bookworm: resolved (fixed in 1:1.35.4-1) bullseye: resolved (fixed in 1:1.35.4-1~deb11u1) forky: resolved (fixed in 1:1.35.4-1) sid: resolved (fixed in 1:1.35.4

CVE-2021-41801 [HIGH] CVE-2021-41801: mediawiki - The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Contro... The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog) Scope: local bookworm: resolved (fixed in 1:1.35.4-1) bullseye: resolved (fixed in 1:1.35.4-1~deb11u1) forky: resolved (fixed in 1:1.35.4

CVE-2021-35197 [HIGH] CVE-2021-35197: mediawiki - In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x bef... In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented). Scope: local bookworm: resolved (fixed in 1:1.35.3-1) bullseye: r

CVE-2021-44858 [HIGH] CVE-2021-44858: mediawiki - An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.... An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead. Scope: local bookworm: resolved (fixed in 1:1.35.5-1) bullseye: resolved (fixed in 1:

CVE-2021-30153 [MEDIUM] CVE-2021-30153: mediawiki - An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.1... An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor. Scope: local bo

CVE-2021-44856 [MEDIUM] CVE-2021-44856: mediawiki - An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.... An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value. Scope: local bookworm: resolved (fixed in 1:1.35.5-1) bullseye: resolved (fixed in 1:1.35.8-1~deb11u1) forky: reso

CVE-2021-41798 [MEDIUM] CVE-2021-41798: mediawiki - MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not esc... MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. Scope: local bookworm: resolved (fixed in 1:1.35.4-1) bullseye: resolved (fixed in 1:1.35.4-1~deb11u1) forky: resolved (fixed in 1:1.35.4-1) sid: resolved (fixed in 1:1.35.4-1) trixie: resolved (fixed in 1:1.35.4-1)

CVE-2021-45038 [MEDIUM] CVE-2021-45038: mediawiki - An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.... An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents. Scope: local bookworm: resolved (fixed in 1:1.35.5-1) bullseye: resolved (fixed in 1:1.35.4-1+deb11u2) forky: resolved (fixed in 1:1.35.5-1) sid: resolved (fixed in 1:1.35.5-1) trixie: re