Vulnerability CVE-2019-19709: Information
Description
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
mediawiki | sisyphus | 1.34.0-alt1 | 1.40.1-alt2 | ALT-PU-2019-3367-1 | 243414 | Fixed |
mediawiki | p10 | 1.34.0-alt1 | 1.40.1-alt2 | ALT-PU-2019-3367-1 | 243414 | Fixed |
mediawiki | p9 | 1.34.1-alt1 | 1.36.1-alt1 | ALT-PU-2020-2249-1 | 253880 | Fixed |
mediawiki | c10f1 | 1.34.0-alt1 | 1.37.2-alt1 | ALT-PU-2019-3367-1 | 243414 | Fixed |
mediawiki | c9f2 | 1.34.1-alt1 | 1.34.1-alt2 | ALT-PU-2020-2249-1 | 253880 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://phabricator.wikimedia.org/T239466 |
|
https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8 |
|
DSA-4592 |
|
20191229 [SECURITY] [DSA 4592-1] mediawiki security update |
|