mediawiki/core Security Advisories for 1.27.0 (13)
-
[MEDIUM] MediaWiki allows a denial of service
PKSA-qcmj-k84v-rjky CVE-2021-41800 GHSA-c8wv-qwwc-6j73
Affected version: <1.36.2
Reported by:
GitHub -
Exposed suppressed log in RevisionDelete page
PKSA-jpp4-6j25-9ryr CVE-2019-12470
Affected version: >=1.27.0,<1.27.6|>=1.30.0,<1.30.2|>=1.31.0,<1.31.2|>=1.32.0,<1.32.2
Reported by:
FriendsOfPHP/security-advisories -
API responses for unpatrolled or (not) autopatrolled recent changes require privileges but may be cached publicly
PKSA-fksz-ptgz-3jth CVE-2019-12474
Affected version: >=1.27.0,<1.27.6|>=1.30.0,<1.30.2|>=1.31.0,<1.31.2|>=1.32.0,<1.32.2
Reported by:
FriendsOfPHP/security-advisories -
Forbid blocking IP ranges as big as /1 and /2, as done on ruwikiquote using the API
PKSA-2rqt-w99v-qcks CVE-2019-12472
Affected version: >=1.27.0,<1.27.6|>=1.30.0,<1.30.2|>=1.31.0,<1.31.2|>=1.32.0,<1.32.2
Reported by:
FriendsOfPHP/security-advisories -
Exposed suppressed username or log in Special:EditTags
PKSA-92kc-wmpx-tswg CVE-2019-12469
Affected version: >=1.27.0,<1.27.6|>=1.30.0,<1.30.2|>=1.31.0,<1.31.2|>=1.32.0,<1.32.2
Reported by:
FriendsOfPHP/security-advisories -
Direct POST to Special:ChangeEmail will bypass reauth check
PKSA-kgmc-xj3p-ddfr CVE-2019-12468
Affected version: >=1.27.0,<1.27.6|>=1.30.0,<1.30.2|>=1.31.0,<1.31.2|>=1.32.0,<1.32.2
Reported by:
FriendsOfPHP/security-advisories -
Need to make a limit of count of attempts to change email address
PKSA-79fc-46xz-1c8z CVE-2019-12467
Affected version: >=1.27.0,<1.27.6|>=1.30.0,<1.30.2|>=1.31.0,<1.31.2|>=1.32.0,<1.32.2
Reported by:
FriendsOfPHP/security-advisories -
Use token when logging out
PKSA-kb8d-c7hc-dy3v CVE-2019-12466
Affected version: >=1.27.0,<1.27.6|>=1.30.0,<1.30.2|>=1.31.0,<1.31.2|>=1.32.0,<1.32.2|>=1.32.99,<1.33.0
Reported by:
FriendsOfPHP/security-advisories -
Loading JS from user space where the username is not a registered account is dangerous and should be banned
PKSA-qc4c-7cdq-417d CVE-2019-12471
Affected version: >=1.27.0,<1.27.6|>=1.30.0,<1.30.2|>=1.31.0,<1.31.2
Reported by:
FriendsOfPHP/security-advisories -
Potential enwiki DOS due to slow WatchedItemStore::countVisitingWatchersMultiple
PKSA-kt9r-ys7h-z4q8 CVE-2019-12473
Affected version: >=1.27.0,<1.27.6|>=1.30.0,<1.30.2|>=1.31.0,<1.31.2
Reported by:
FriendsOfPHP/security-advisories -
$wgRateLimits (rate limit / ping limiter) entry for 'user' overrides that for 'newbie'
PKSA-zbzt-cmt6-4sc8 CVE-2018-0503
Affected version: >=1.27.0,<1.27.5|>=1.29.0,<1.29.3|>=1.30.0,<1.30.1|>=1.31.0,<1.31.1
Reported by:
FriendsOfPHP/security-advisories -
BotPassword can bypass CentralAuth's account lock
PKSA-rr5m-4z44-9fg2 CVE-2018-0505
Affected version: >=1.27.0,<1.27.5|>=1.29.0,<1.29.3|>=1.30.0,<1.30.1|>=1.31.0,<1.31.1
Reported by:
FriendsOfPHP/security-advisories -
When a log event is (partially) hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information
PKSA-63nj-9fx8-gscb CVE-2018-0504
Affected version: >=1.27.0,<1.27.5|>=1.29.0,<1.29.3|>=1.30.0,<1.30.1|>=1.31.0,<1.31.1
Reported by:
FriendsOfPHP/security-advisories