oss-sec mailing list archives
CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10
From: Chris Steipp <csteipp () wikimedia org>
Date: Wed, 12 Aug 2015 06:07:55 -0700
Hi, the following issues were patched in MediaWiki and extensions this week. Can we get CVE's assigned? * Internal review discovered that Special:DeletedContributions did not properly protect the IP of autoblocked users. This fix makes the functionality of Special:DeletedContributions consistent with Special:Contributions and Special:BlockList. <https://phabricator.wikimedia.org/T106893> * Internal review discovered that watchlist anti-csrf tokens were not being compared in constant time, which could allow various timing attacks. This could allow an attacker to modify a user's watchlist via csrf. <https://phabricator.wikimedia.org/T94116> * John Menerick reported that MediaWiki's thumb.php failed to sanitize various error messages, resulting in xss. <https://phabricator.wikimedia.org/T97391> * Extension:SemanticForms - MediaWiki user Grunny discovered multiple reflected xss vectors in SemanticForms. Further internal review discovered and fixed other reflected and stored xss vectors. <https://phabricator.wikimedia.org/T103391> <https://phabricator.wikimedia.org/T103765> <https://phabricator.wikimedia.org/T103761> * Extension:SyntaxHighlight_GeSHi - xss and potential DoS vectors. Internal review discovered that the contib directory for GeSHi was re-included in MediaWiki 1.25. Some scripts could be potentially be used for DoS, and DAU Huy Ngoc discovered an xss vector. All contrib scripts have been removed. <https://phabricator.wikimedia.org/T108198> * Extension:TimedMediaHandler - User:McZusatz reported that resetting transcodes deleted the transcode without creating a new one, which could be used for vandalism or potentially DoS. <https://phabricator.wikimedia.org/T100211> * Extension:Quiz - Internal review discovered that Quiz did not properly escape regex metacharacters in a user controlled regular expression, enabling a DoS vector. <https://phabricator.wikimedia.org/T97083> * Extension:Widgets - MediaWiki developer Majr reported a potential HTML injection (xss) vector. <https://phabricator.wikimedia.org/T88964>
Current thread:
- CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10 Chris Steipp (Aug 12)
- Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10 cve-assign (Aug 27)