Multiple vulnerabilities in MediaWiki MediaWiki

1) Improper access control

EUVDB-ID: #VU30996

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-12469

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions. A remote attacker can send a specially crafted request and gain unauthorized access to the affected application.

Mitigation

Update to version 1.32.2.

Vulnerable software versions

MediaWiki: 1.32.0 - 1.32.1

External links

http://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
http://phabricator.wikimedia.org/T222036
http://seclists.org/bugtraq/2019/Jun/12
http://www.debian.org/security/2019/dsa-4460

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Improper access control

EUVDB-ID: #VU30997

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-12470

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions. A remote attacker can send a specially crafted request and gain unauthorized access to the affected application.

Mitigation

Update to version 1.32.2.

Vulnerable software versions

MediaWiki: 1.32.0 - 1.32.1

External links

http://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
http://phabricator.wikimedia.org/T222038
http://seclists.org/bugtraq/2019/Jun/12
http://www.debian.org/security/2019/dsa-4460

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Cross-site scripting

EUVDB-ID: #VU31006

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-12471

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

Mitigation

Install update from vendor's website.

Vulnerable software versions

MediaWiki: 1.32.0 - 1.32.1

External links

http://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
http://phabricator.wikimedia.org/T207603
http://seclists.org/bugtraq/2019/Jun/12
http://www.debian.org/security/2019/dsa-4460

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU31007

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-12472

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

Mitigation

Install update from vendor's website.

Vulnerable software versions

MediaWiki: 1.32.0 - 1.32.1

External links

http://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
http://phabricator.wikimedia.org/T199540

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU31008

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-12473

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

Mitigation

Install update from vendor's website.

Vulnerable software versions

MediaWiki: 1.32.0 - 1.32.1

External links

http://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
http://phabricator.wikimedia.org/T204729
http://seclists.org/bugtraq/2019/Jun/12
http://www.debian.org/security/2019/dsa-4460

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU31009

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-12474

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

Mitigation

Install update from vendor's website.

Vulnerable software versions

MediaWiki: 1.32.0 - 1.32.1

External links

http://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
http://phabricator.wikimedia.org/T212118
http://seclists.org/bugtraq/2019/Jun/12
http://www.debian.org/security/2019/dsa-4460

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper access control

EUVDB-ID: #VU31016

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-12467

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions. A remote attacker can send a specially crafted request and gain unauthorized access to the affected application.

Mitigation

Update to version 1.32.2.

Vulnerable software versions

MediaWiki: 1.32.0 - 1.32.1

External links

http://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
http://phabricator.wikimedia.org/T209794
http://seclists.org/bugtraq/2019/Jun/12
http://www.debian.org/security/2019/dsa-4460

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.