Debian Mediawiki vulnerabilities

CVE-2021-44854 [MEDIUM] CVE-2021-44854: mediawiki - An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.... An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis. Scope: local bookworm: resolved (fixed in 1:1.35.5-1) bullseye: resolved (fixed in 1:1.35.8-1~deb11u1) forky: resolved (fixed in 1:1.35.5-1) sid: resolved (fixed in 1:1.35.5-1) trixie: resolved (fixed in 1:1

CVE-2021-30159 [MEDIUM] CVE-2021-30159: mediawiki - An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x be... An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will d

CVE-2021-30157 [MEDIUM] CVE-2021-30157: mediawiki - An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x be... An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS. Scope: local bookworm: resolved (fixed in 1:1.35.2-1) bullseye: resolved (fixed in 1:1.35.2-1) fo

CVE-2021-41800 [MEDIUM] CVE-2021-41800: mediawiki - MediaWiki before 1.36.2 allows a denial of service (resource consumption because... MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled. Scope: local bookworm: resolved (fixed in 1:1.35.4-1) bullseye: resolved (fixed in 1:1.35.4-1~deb11u1) forky: resolved (fi

CVE-2021-30152 [MEDIUM] CVE-2021-30152: mediawiki - An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x be... An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for. Scope: local bookworm: resolved (fixed in 1:1.35.2-1) bullseye: resolved (fixed in 1:1.35.2-1) forky: resolved (fixed in 1:1.

CVE-2021-44855 [MEDIUM] CVE-2021-44855: mediawiki - An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.... An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature. Scope: local bookworm: resolved (fixed in 1:1.35.5-1) bullseye: resolved (fixed in 1:1.35.8-1~deb11u1) forky: resolved (fixed in 1:1.35.5-1) sid: resolved (fixed in 1:1.35.5-1) trixie: resolved (fixe

CVE-2021-30158 [MEDIUM] CVE-2021-30158: mediawiki - An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x be... An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unaut

CVE-2021-30155 [MEDIUM] CVE-2021-30155: mediawiki - An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x be... An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page. Scope: local bookworm: resolved (fixed in 1:1.35.2-1) bullseye: resolved (fixed in 1:1.35.2-1) forky: resolved (fixed in 1:1.35.2-1) sid: resolv

CVE-2021-30154 [MEDIUM] CVE-2021-30154: mediawiki - An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x be... An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS. Scope: local bookworm: resolved (fixed in 1:1.35.2-1) bullseye: resolved (fixed in 1:1.35.2-1) forky: resolved (fixed in 1:1.35.2-1) sid: resolved (fixed in 1:1.3

CVE-2021-44857 [MEDIUM] CVE-2021-44857: mediawiki - An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.... An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn't have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead. Sco

CVE-2021-30458 [MEDIUM] CVE-2021-30458: mediawiki - An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.1... An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a tag, bypassing sanitization steps, and potentially allowing for XSS. Scope: local bookworm: resolved (fixed in 1:1.35.2-1) bullseye: resolved (fixed in 1:1.35.2-1) forky: resolved (fixed in 1:

CVE-2021-30156 [MEDIUM] CVE-2021-30156: mediawiki - An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x be... An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2020-25827 [HIGH] CVE-2020-25827: mediawiki - An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 an... An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently. Scope: local bookworm: resolved (fixe

CVE-2020-35475 [HIGH] CVE-2020-35475: mediawiki - In MediaWiki before 1.35.1, the messages userrights-expiry-current and userright... In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctl

CVE-2020-25813 [MEDIUM] CVE-2020-25813: mediawiki - In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:Use... In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users. Scope: local bookworm: resolved (fixed in 1:1.35.0-1) bullseye: resolved (fixed in 1:1.35.0-1) forky: resolved (fixed in 1:1.35.0-1) sid: resolved (fixed in 1:1.35.0-1) trixie: resolved (fixed in 1:1.35.0-1)

CVE-2020-35479 [MEDIUM] CVE-2020-35479: mediawiki - MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translat... MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later. Scope: local bookworm: resolved (fixed in 1:1.35.1-1) bullseye: resolved (fixed in 1:1.3

CVE-2020-35477 [MEDIUM] CVE-2020-35477: mediawiki - MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some s... MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead

CVE-2020-35478 [MEDIUM] CVE-2020-35478: mediawiki - MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknam... MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later. Scope: local bookworm: resolved (fixed in 1:1.35.1-1) bullseye: resolved (fixed in 1:1.35.1-1) forky: resolved (fixed in 1:1.35.1-1) sid: resolved

CVE-2020-25814 [MEDIUM] CVE-2020-25814: mediawiki - In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related... In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an tag (or it does not have a href attribute, or it's empty, etc.). The actua

CVE-2020-35474 [MEDIUM] CVE-2020-35474: mediawiki - In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::tex... In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML. Scope: local bookworm: resolved (fixed in 1:1.35.1-1) bullseye: resolved (fixed in 1:1.35.1-1) forky: resolved (fixed in 1:1.35.1-1) sid: reso