Re: CVE request: mediawiki before 1.17.1

[Kurt Seifried <kseifried () redhat com>]

On 11/29/2011 03:12 AM, Hanno Böck wrote:
> http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html
>
> From announce mail:
>
> -------------
> I would like to announce the release of MediaWiki 1.17.1. Two security
> issues were discovered.
>
> Alexandre Emsenhuber discovered an issue where page titles on private
> wikis could be exposed bypassing different page ids to index.php. In the
> case of the user not having correct permissions, they will now be
> redirected to Special:BadTitle.
>
> For more details, see
> https://bugzilla.wikimedia.org/show_bug.cgi?id=32276
Please use CVE-2011-4360 for this issue.

> The second issue was found by Tim Starling, who discovered that
> action=ajax requests were dispatched to the relevant function without
> any read permission checks being done. This could have led to data
> leakage on private wikis.
>
> For more details, see
> https://bugzilla.wikimedia.org/show_bug.cgi?id=32616
Please use CVE-2011-4361 for this issue.

> ------------------------
>
> Please assign two CVEs.


-- 

-Kurt Seifried / Red Hat Security Response Team