NotCVE - vendor:"Mediawiki" product:"Mediawiki" version:" >= 1.36.0

Page 9 of 103 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1

CVE-2022-41766

https://notcve.org/view.php?id=CVE-2022-41766

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed). • https://phabricator.wikimedia.org/T307278 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-29139

https://notcve.org/view.php?id=CVE-2023-29139

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout). • https://phabricator.wikimedia.org/T326293 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-29137

https://notcve.org/view.php?id=CVE-2023-29137

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users. • https://phabricator.wikimedia.org/T328643 •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-29140

https://notcve.org/view.php?id=CVE-2023-29140

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted. • https://phabricator.wikimedia.org/T327613 •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-29141

https://notcve.org/view.php?id=CVE-2023-29141

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. • https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39 https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7 https://phabricator.wikimedia.org/T285159 https://www.debian.org/security/2023/dsa-5447 •

1...7 8 9 10 11