AVG-765 log

Package	mediawiki
Status	Fixed
Severity	Medium
Type	multiple issues
Affected	1.31.0-1
Fixed	1.31.1-1
Current	1.41.1-1 [extra]
Ticket	None
Created	Fri Sep 21 08:52:51 2018

Issue	Severity	Remote	Type	Description
CVE-2018-13258	Medium	Yes	Information disclosure	A security issue has been found in mediawiki < 1.31.1 where the tarball is missing .htaccess files used to protect some directories that shouldn't be web accessible.
CVE-2018-0505	Medium	Yes	Access restriction bypass	A security issue has been found in mediawiki < 1.31.1 where BotPassword can bypass CentralAuth's account lock.
CVE-2018-0503	Low	Yes	Access restriction bypass	A security issue has been found in the rate limiting feature of mediawiki < 1.31.1 where, contrary to the documentation, $wgRateLimits entry for 'user'...

Issue

Severity

Remote

Type

Description

CVE-2018-13258

Medium

Yes

Information disclosure

A security issue has been found in mediawiki < 1.31.1 where the tarball is missing .htaccess files used to protect some directories that shouldn't be web accessible.

CVE-2018-0505

Medium

Yes

Access restriction bypass

A security issue has been found in mediawiki < 1.31.1 where BotPassword can bypass CentralAuth's account lock.

CVE-2018-0503

Low

Yes

Access restriction bypass

A security issue has been found in the rate limiting feature of mediawiki < 1.31.1 where, contrary to the documentation, $wgRateLimits entry for 'user'...

Date	Advisory	Package	Type
25 Sep 2018	ASA-201809-5	mediawiki	multiple issues

References
https://www.mediawiki.org/wiki/Release_notes/1.31