GHSA-mqhw-wq8p-vf5r

Source

https://github.com/advisories/GHSA-mqhw-wq8p-vf5r

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mqhw-wq8p-vf5r/GHSA-mqhw-wq8p-vf5r.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-mqhw-wq8p-vf5r

Aliases

Published

2022-05-24T17:18:58Z

Modified

2024-05-15T23:12:53.683379Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

MediaWiki Open Redirect vulnerability

Details

resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.34.0-rc.0 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.

Database specific

{
    "github_reviewed_at": "2024-05-15T22:52:26Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-601"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2020-06-02T14:15:00Z"
}

References

Affected packages

Packagist / mediawiki/core

Package

Name: mediawiki/core
Purl: pkg:composer/mediawiki/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.34.0-rc.0

Affected versions

1.*

1.20.3

1.20.4

1.20.5

1.20.6

1.20.7

1.20.8

1.21.0

1.21.1

1.21.2

1.21.3

1.21.4

1.21.5

1.21.6

1.21.7

1.21.8

1.21.9

1.21.10

1.21.11

1.22.0rc0

1.24.0-rc.0

1.24.0-rc.1

1.24.0-rc.2

1.24.0-rc.3

1.24.0

1.24.1

1.24.2

1.24.3

1.24.4

1.24.5

1.24.6

1.25.0-rc.0

1.25.0

1.25.1

1.25.2

1.25.3

1.25.4

1.25.5

1.25.6

1.26.0

1.26.1

1.26.2

1.26.3

1.26.4

1.27.0-rc.0

1.27.0-rc.1

1.27.0

1.27.1

1.27.2

1.27.3

1.27.4

1.27.5

1.27.6

1.27.7

1.28.0-rc.0

1.28.0-rc.1

1.28.0

1.28.1

1.28.2

1.28.3

1.29.0-rc.0

1.29.0-rc.1

1.29.0

1.29.1

1.29.2

1.29.3

1.30.0-rc.0

1.30.0

1.30.1

1.30.2

1.31.0-rc.0

1.31.0-rc.1

1.31.0-rc.2

1.31.0

1.31.1

1.31.2

1.31.3

1.31.4

1.31.5

1.31.6

1.31.7

1.31.8

1.31.9

1.31.10

1.31.11

1.31.12

1.31.13

1.31.14

1.31.15

1.31.16

1.32.0-rc.0

1.32.0-rc.1

1.32.0-rc.2

1.32.0

1.32.1

1.32.2

1.32.3

1.32.4

1.32.5

1.32.6

1.33.0-rc.0

1.33.0

1.33.1

1.33.2

1.33.3

1.33.4