SB2023011267 - Multiple vulnerabilities in MediaWiki
Published: January 12, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2022-39193)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to output of the supressed information by the application. A remote attacker can gain unauthorized access to sensitive information on the system.
2) Improper Authorization (CVE-ID: CVE-2023-22945)
The vulnerability allows a remote user to bypass authorization.
The vulnerability exists due to an error in the GrowthExperiments extension. Action=growthmanagementorlist makes it possible for blocked users to enroll
as mentors via the growthmanagementorlist API.
3) Inadequate Encryption Strength (CVE-ID: CVE-2023-22912)
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exist due to usage of AES-CTR encryption with repeated
nonce in TokenManager. A remote attacker can decrypt sensitive information.
4) Resource management error (CVE-ID: CVE-2023-22909)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in SpecialMobileHistory in the Mobile's frontend, which makes database queries very slow. A remote attacker can perform a denial of service (DoS) attack.
5) Cross-site scripting (CVE-ID: CVE-2023-22911)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in E-Widgets. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
6) Cross-site scripting (CVE-ID: CVE-2023-22910)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in Wikibase date formatting. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Remediation
Install update from vendor's website.
References
- https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/EWRDVJWBOECYCD73PIW52CA76UO62J3M/
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/879167/
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/879166/
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/879073/
- https://phabricator.wikimedia.org/T321733
- https://gerrit.wikimedia.org/r/q/Id1b83fcd58eccb8b2dfea44a3ab2f72314860d88
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/857629/
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/879074/
- https://phabricator.wikimedia.org/T320987
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MobileFrontend/+/857762/
- https://phabricator.wikimedia.org/T149488
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Widgets/+/856035/
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/879171/