mediawiki

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description MediaWiki engine
Version 1.31.0-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-491 1.28.2-1 1.28.3-1 Critical Fixed
AVG-490 1.29.1-1 1.29.2-1 High Fixed
AVG-259 1.28.1-1 1.28.2-1 Medium Fixed
AVG-236 1.28.0-1 1.28.1-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2017-9841 AVG-491 Critical Yes Arbitrary code execution
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning...
CVE-2017-8815 AVG-490 High Yes Cross-site scripting
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
CVE-2017-8814 AVG-490 High Yes Cross-site scripting
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule...
CVE-2017-8812 AVG-490 Medium Yes Insufficient validation
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute...
CVE-2017-8811 AVG-490 High Yes Cross-site scripting
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.
CVE-2017-8810 AVG-490 Low Yes Information disclosure
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed...
CVE-2017-8809 AVG-490 High Yes Url request injection
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
CVE-2017-8808 AVG-490 High Yes Cross-site scripting
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends...
CVE-2017-0372 AVG-259 Medium Yes Cross-site scripting
The SyntaxHighlight extension in MediaWiki before 1.28.1 does not properly validate the 'start' parameter before passing it to Pygments.
CVE-2017-0370 AVG-236 Medium Yes Insufficient validation
The spam blacklist in MediaWiki before 1.28.1 could be bypassed by encoding URLs inside a file inclusion syntax's link parameter.
CVE-2017-0369 AVG-236 Low Yes Access restriction bypass
In MediaWiki < 1.28.1, a normal sysop that doesn't have the necessary rights to override a page protection can still recreate it by restoring a former...
CVE-2017-0368 AVG-236 Low Yes Cross-site scripting
MediaWiki < 1.28.1 did not properly mark system messages as raw HTML, hence not properly escaping it.
CVE-2017-0367 AVG-236 High No Arbitrary code execution
MediaWiki before 1.28.1 uses the default system temporary directory for the LocalisationCache directory, allowing a local attacker to execute arbitrary code...
CVE-2017-0366 AVG-236 High Yes Cross-site scripting
MediaWiki < 1.28.1 did not properly filter the DTD declaration when a SVG file was uploaded, leading to a persistent XSS.
CVE-2017-0365 AVG-236 Medium Yes Cross-site scripting
SearchHighlighter::removeWiki() uses a regex to remove html from snippets. The regex - /<\/?[^>]+>/ assumes that html is well-formed. As a result when using...
CVE-2017-0364 AVG-236 Medium Yes Open redirect
The Special:Search page in MediaWiki < 1.28.1 has an open redirect issue.
CVE-2017-0363 AVG-236 Medium Yes Open redirect
The Special:UserLogin page in MediaWiki < 1.28.1 has an open redirect issue.
CVE-2017-0362 AVG-236 Medium Yes Cross-site request forgery
MediaWiki before 1.18.1 did not require a CSRF token for the "Mark all pages visited" action on the watchlist.
CVE-2017-0361 AVG-490 High No Information disclosure
MediaWiki before 1.29.2 may leak passwords in plaintext. API parameters may now be marked as "sensitive" to keep their values out of the logs.
CVE-2017-0361 AVG-236 High No Information disclosure
MediaWiki before 1.29.2 may leak passwords in plaintext. API parameters may now be marked as "sensitive" to keep their values out of the logs.

Advisories

Date Advisory Group Severity Description
15 Nov 2017 ASA-201711-20 AVG-490 High multiple issues
07 Apr 2017 ASA-201704-3 AVG-236 High multiple issues