oss-sec mailing list archives
CVE Request: MediaWiki 1.25.3, 1.24.4 and 1.23.11
From: Chris Steipp <csteipp () wikimedia org>
Date: Mon, 19 Oct 2015 13:52:26 -0700
We recently released new mediawiki versions to address several security issues in core an extensions. The relevant parts of the release announcements are here. Can we get CVE's assigned? * Wikipedia user RobinHood70 reported that the API failed to correctly stop adding new chunks to the upload when the reported size was exceeded, allowing a malicious users to upload add an infinite number of chunks for a single file upload. <https://phabricator.wikimedia.org/T91203> * Wikipedia user RobinHood70 also reported that a malicious user could upload chunks of 1 byte for very large files, potentially creating a very large number of files on the server's filesystem. <https://phabricator.wikimedia.org/T91205> * Internal review discovered that it is not possible to throttle file uploads. <https://phabricator.wikimedia.org/T91850> * Internal review discovered a missing authorization check when removing suppression from a revision. This allowed users with the 'viewsuppressed' user right but not the appropriate 'suppressrevision' user right to unsuppress revisions. <https://phabricator.wikimedia.org/T95589> * Richard Stanway from teamliquid.net reported that thumbnails of PNG files generated with ImageMagick contained the local file path in the image metadata. <https://phabricator.wikimedia.org/T108616> * Extension:PageTriage - MediaWiki user Grunny discovered a DOM-based XSS in the way the extension handled page titles. <https://phabricator.wikimedia.org/T111029> * Extension:Echo - Internal review discovered that Echo could display deleted or suppressed usernames when the username was previously used to Thank users. <https://phabricator.wikimedia.org/T110553> * Extension:OAuth - Wikipedia user Sitic discovered that the OAuth extension did not correctly enforce the IP restrictions of a Consumer when using previously negotiated credentials. <https://phabricator.wikimedia.org/T103022> * Extension:OAuth - Wikipedia user Sitic discovered that OAuth would accept a valid signature from any Consumer when checking the authorization signature. This allowed a registered Consumer who gained access to another Consumer's users' access tokens and secrets to use those credentials. <https://phabricator.wikimedia.org/T103023>
Current thread:
- CVE Request: MediaWiki 1.25.3, 1.24.4 and 1.23.11 Chris Steipp (Oct 19)
- Re: CVE Request: MediaWiki 1.25.3, 1.24.4 and 1.23.11 cve-assign (Oct 29)