First published: Sat Jul 07 2018(Updated: )
As reported: A flaw was found in mediawiki. When a log event is (partially) hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information. Upstream bug: <a href="https://phabricator.wikimedia.org/T187638">https://phabricator.wikimedia.org/T187638</a> References: <a href="https://lists.wikimedia.org/pipermail/mediawiki-announce/2018-September/000223.html">https://lists.wikimedia.org/pipermail/mediawiki-announce/2018-September/000223.html</a>
Credit: security@debian.org security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/mediawiki/core | >=1.27.0<1.27.5>=1.29.0<1.29.3>=1.30.0<1.30.1>=1.31.0<1.31.1 | |
debian/mediawiki | 1:1.31.16-1+deb10u2 1:1.31.16-1+deb10u6 1:1.35.11-1~deb11u1 1:1.35.13-1~deb11u1 1:1.39.4-1~deb12u1 1:1.39.5-1~deb12u1 1:1.39.5-1 | |
redhat/mediawiki | <1.31.1 | 1.31.1 |
redhat/mediawiki | <1.30.1 | 1.30.1 |
redhat/mediawiki | <1.29.3 | 1.29.3 |
redhat/mediawiki | <1.27.5 | 1.27.5 |
MediaWiki MediaWiki | >=1.31.0<1.31.1 | |
MediaWiki MediaWiki | =1.27.5 | |
MediaWiki MediaWiki | =1.29.3 | |
MediaWiki MediaWiki | =1.30.1 | |
Debian Debian Linux | =9.0 | |
composer/mediawiki/core | >=1.31.0<1.31.1 | 1.31.1 |
composer/mediawiki/core | >=1.30.0<1.30.1 | 1.30.1 |
composer/mediawiki/core | >=1.29.0<1.29.3 | 1.29.3 |
composer/mediawiki/core | >=1.27.0<1.27.5 | 1.27.5 |
>=1.31.0<1.31.1 | ||
=1.27.5 | ||
=1.29.3 | ||
=1.30.1 | ||
=9.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.