AVG-765

Package mediawiki
Status Fixed
Severity Medium
Type multiple issues
Affected 1.31.0-1
Fixed 1.31.1-1
Current 1.32.0-1 [community]
Ticket None
Created Fri Sep 21 08:52:51 2018
Issue           Severity  Remote  Type                       Description
CVE-2018-13258  Medium    Yes     Information disclosure
    A security issue has been found in mediawiki < 1.31.1 where the tarball is missing .htaccess files used to protect some directories that shouldn't be web accessible.
CVE-2018-0505   Medium    Yes     Access restriction bypass
    A security issue has been found in mediawiki < 1.31.1 where BotPassword can bypass CentralAuth's account lock.
CVE-2018-0503   Low       Yes     Access restriction bypass
    A security issue has been found in the rate limiting feature of mediawiki < 1.31.1 where, contrary to the documentation, $wgRateLimits entry for 'user'...
Date         Advisory      Package    Description
25 Sep 2018  ASA-201809-5  mediawiki  multiple issues
References
https://www.mediawiki.org/wiki/Release_notes/1.31