AVG-765 log
Package | mediawiki |
Status | Fixed |
Severity | Medium |
Type | multiple issues |
Affected | 1.31.0-1 |
Fixed | 1.31.1-1 |
Current | 1.42.3-1 [extra] |
Ticket | None |
Created | Fri Sep 21 08:52:51 2018 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2018-13258 | Medium | Yes | Information disclosure | A security issue has been found in mediawiki < 1.31.1 where the tarball is missing .htaccess files used to protect some directories that shouldn't be web accessible. |
CVE-2018-0505 | Medium | Yes | Access restriction bypass | A security issue has been found in mediawiki < 1.31.1 where BotPassword can bypass CentralAuth's account lock. |
CVE-2018-0503 | Low | Yes | Access restriction bypass | A security issue has been found in the rate limiting feature of mediawiki < 1.31.1 where, contrary to the documentation, $wgRateLimits entry for 'user'... |
Date | Advisory | Package | Type |
---|---|---|---|
25 Sep 2018 | ASA-201809-5 | mediawiki | multiple issues |
References |
---|
https://www.mediawiki.org/wiki/Release_notes/1.31 |