FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- multiple vulnerabilities

Affected packages
mediawiki135 < 1.35.8
mediawiki137 < 1.37.6
mediawiki138 < 1.38.4

Details

VuXML ID 67057b48-41f4-11ed-86c3-080027881239
Discovery 2022-09-29
Entry 2022-10-02

Mediawiki reports:

(T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results in an IP range check on Special:Contributions..

(T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence of hidden users.

(T307278, CVE-2022-41766) SECURITY: On action=rollback the message "alreadyrolled" can leak revision deleted user name.

[source]

References

CVE Name CVE-2022-41765
CVE Name CVE-2022-41766
CVE Name CVE-2022-41767
URL https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/SPYFDCGZE7KJNO73ET7QVSUXMHXVRFTE/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.