First published: Wed Aug 24 2016(Updated: )
ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/mediawiki | <1.27.1 | 1.27.1 |
redhat/mediawiki | <1.26.4 | 1.26.4 |
redhat/mediawiki | <1.23.15 | 1.23.15 |
MediaWiki MediaWiki | <=1.23.14 | |
MediaWiki MediaWiki | =1.26.0 | |
MediaWiki MediaWiki | =1.26.1 | |
MediaWiki MediaWiki | =1.26.2 | |
MediaWiki MediaWiki | =1.26.3 | |
MediaWiki MediaWiki | =1.26.4 | |
MediaWiki MediaWiki | =1.27.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.