Debian Mediawiki vulnerabilities
304 known vulnerabilities affecting debian/mediawiki.
Total CVEs
304
CISA KEV
0
Public exploits
6
Exploited in wild
1
Severity breakdown
CRITICAL: 4 | HIGH: 47 | MEDIUM: 133 | LOW: 94 | UNKNOWN: 6
Vulnerabilities
Page 7 of 16
CVE-2020-25815 | MEDIUM | CVSS 6.1 | fixed in mediawiki 1:1.35.0-1 (bookworm) | 2020
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text().
Scope: local
bookworm: resolved (fixed in 1:1.35.0-1)
bullseye: resolved (fixed in 1:1.35.0-1)
forky: resolved (fix
CVE-2020-25812 | MEDIUM | CVSS 6.1 | fixed in mediawiki 1:1.35.0-1 (bookworm) | 2020
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.
Scope: local
bookworm: resolved (fixed in 1:1.35.0-1)
bullseye: resolved (fixed in 1:1.35.0-1)
for
CVE-2020-10960 | MEDIUM | CVSS 5.3 | fixed in mediawiki 1:1.31.7-1 (bookworm) | 2020
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known
CVE-2020-35480 | MEDIUM | CVSS 5.3 | fixed in mediawiki 1:1.35.1-1 (bookworm) | 2020
An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths.
Scope: lo
CVE-2020-25828 | MEDIUM | CVSS 6.1 | fixed in mediawiki 1:1.35.0-1 (bookworm) | 2020
An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message co
CVE-2020-36649 | LOW | CVSS 3.5 | fixed in mediawiki 1:1.39.4-1~deb12u1 (bookworm) | 2020
A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended
CVE-2020-10959 | LOW | CVSS 6.1 | 2020
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2020-15005 | LOW | CVSS 3.1 | fixed in mediawiki 1:1.31.8-1 (bookworm) | 2020
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.
Scope: local
bookworm: resolve
CVE-2019-12468 | CRITICAL | CVSS 9.8 | fixed in mediawiki 1:1.31.2-1 (bookworm) | 2019
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
Scope: local
bookworm: resolved (fixed in 1:1.31.2-1)
bullseye: resolved (fixed in 1:1.31.2-1)
forky: resolved (fixed in 1:1.31.2-1)
sid:
CVE-2019-12472 | HIGH | CVSS 7.5 | fixed in mediawiki 1:1.31.2-1 (bookworm) | 2019
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Scope: local
bookworm: resolved (fixed in 1:1.31.2-1)
bullseye: resolved (fixed in 1:1.31.2-1)
forky: resolved (fixed in 1:1.31.2-1)
CVE-2019-12466 | HIGH | CVSS 8.8 | fixed in mediawiki 1:1.31.2-1 (bookworm) | 2019
Wikimedia MediaWiki through 1.32.1 allows CSRF.
Scope: local
bookworm: resolved (fixed in 1:1.31.2-1)
bullseye: resolved (fixed in 1:1.31.2-1)
forky: resolved (fixed in 1:1.31.2-1)
sid: resolved (fixed in 1:1.31.2-1)
trixie: resolved (fixed in 1:1.31.2-1)
CVE-2019-12474 | HIGH | CVSS 7.5 | fixed in mediawiki 1:1.31.2-1 (bookworm) | 2019
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Scope: local
bookworm: resolved (fixed in 1:1.31.2-1)
bullseye: resolved (fixed in 1:1.31.2-1)
forky: resolved (fixed in 1:1.31.2-1)
sid: resolved (fi
CVE-2019-12473 | HIGH | CVSS 7.5 | fixed in mediawiki 1:1.31.2-1 (bookworm) | 2019
Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Scope: local
bookworm: resolved (fixed in 1:1.31.2-1)
bullseye: resolved (fixed in 1:1.31.2-1)
forky: resolved (fixed in 1:1.31.2-1)
sid: resolved (fixed in 1:1.31.2-1)
tr
CVE-2019-11358 | MEDIUM | CVSS 6.1 | Exploited | PoC | fixed in mediawiki 1:1.31.2-1 (bookworm) | 2019
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Scope: local
bookworm: resolved (fixed in 1:1.31.2-1)
bullseye: resolved (fixed in 1:1.31.
CVE-2019-12469 | MEDIUM | CVSS 6.5 | fixed in mediawiki 1:1.31.2-1 (bookworm) | 2019
MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Scope: local
bookworm: resolved (fixed in 1:1.31.2-1)
bullseye: resolved (fixed in 1:1.31.2-1)
forky: resolved (fixed in 1:1.31.2-1)
sid: resolved (fixed in 1:1.31.2-1)
trixie: resolved (fixed in 1:1.31.2-
CVE-2019-12467 | MEDIUM | CVSS 5.3 | fixed in mediawiki 1:1.31.2-1 (bookworm) | 2019
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Scope: local
bookworm: resolved (fixed in 1:1.31.2-1)
bullseye: resolved (fixed in 1:1.31.2-1)
forky: resolved (fixed in 1:1.31.2-1)
sid: resolved
CVE-2019-19709 | MEDIUM | CVSS 6.1 | fixed in mediawiki 1:1.31.6-1 (bookworm) | 2019
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.
Scope: local
bookworm: resolved (fixed in 1:1.31.6-1)
bullseye: resolved (fixed in 1:1.31.6-1)
forky: resol
CVE-2019-12470 | MEDIUM | CVSS 6.5 | fixed in mediawiki 1:1.31.2-1 (bookworm) | 2019
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Scope: local
bookworm: resolved (fixed in 1:1.31.2-1)
bullseye: resolved (fixed in 1:1.31.2-1)
forky: resolved (fixed in 1:1.31.2-1)
sid: resolved (fixed in 1:1.31.2-1)
trixie: resolved (fixed in 1:1.31.2-
CVE-2019-16738 | MEDIUM | CVSS 5.3 | fixed in mediawiki 1:1.31.4-1 (bookworm) | 2019
In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.
Scope: local
bookworm: resolved (fixed in 1:1.31.4-1)
bullseye: resolved (fixed in 1:1.31.4-1)
forky: resolved (fixed in 1:1.31.4-1)
sid: resolved (fixed in 1:1.31.4-1)
trixie: resolved (fixed in 1:1.31.4-1)
CVE-2019-12471 | MEDIUM | CVSS 6.1 | fixed in mediawiki 1:1.31.2-1 (bookworm) | 2019
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Scope: local
bookworm: resolved (fixed in 1:1.31.2-1)
bullseye: resolved (fixed in 1:1.31.2-1)
forky: resolved (fixed in 1:1.31.2-1)
s