MGASA-2021-0568

Source
https://advisories.mageia.org/MGASA-2021-0568.html
Import Source
https://advisories.mageia.org/MGASA-2021-0568.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2021-0568
Published
2021-12-19T12:26:08Z
Modified
2021-12-19T11:50:19Z
Summary
Updated mediawiki packages fix security vulnerabilities
Details

Updated mediawiki packages fix security vulnerabilities:

== Security fixes ==
* (T292763, CVE-2021-44854) REST API incorrectly publicly caches autocomplete search results from private wikis.
* (T271037, CVE-2021-44856) Title blocked in AbuseFilter can be created via Special:ChangeContentModel.
* (T297322, CVE-2021-44857) Unauthorized users can use action=mcrundo to replace the content of arbitrary pages.
* (T297322, CVE-2021-44858) Unauthorized users can view contents of private wikis using various actions.
* (T297574, CVE-2021-45038) Unauthorized users can access private wiki contents using rollback action.

=== Extension security fixes ===
* (T293589, CVE-2021-44855) Blind Stored XSS in VisualEditor media dialog.
* (T294686) Special:Nuke doesn't actually delete pages.

Affected packages

Mageia:8 / mediawiki

Package

Name
mediawiki
Purl
pkg:rpm/mageia/mediawiki?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.35.5-1.mga8

Ecosystem specific

{
    "section": "core"
}