ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2024.0155
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2024-0155)
Resumen:	The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2024-0155 advisory.
Descripción:	Summary: The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2024-0155 advisory. Vulnerability Insight: Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. (CVE-2023-3550) An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers. (CVE-2023-45360) An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka 'X intermediate revisions by the same user not shown') ignores username suppression. This is an information leak. (CVE-2023-45362) An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set. (CVE-2023-45363) An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information. (CVE-2023-45364) An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights. (CVE-2023-51704) Affected Software/OS: 'mediawiki' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-3550 Debian Security Information: DSA-5520 (Google Search) https://www.debian.org/security/2023/dsa-5520 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/ https://fluidattacks.com/advisories/blondie/ https://www.mediawiki.org/wiki/MediaWiki/ https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html Common Vulnerability Exposure (CVE) ID: CVE-2023-45359 Common Vulnerability Exposure (CVE) ID: CVE-2023-45360 https://phabricator.wikimedia.org/T340221 Common Vulnerability Exposure (CVE) ID: CVE-2023-45361 Common Vulnerability Exposure (CVE) ID: CVE-2023-45362 https://phabricator.wikimedia.org/T341529 Common Vulnerability Exposure (CVE) ID: CVE-2023-45363 https://phabricator.wikimedia.org/T333050 Common Vulnerability Exposure (CVE) ID: CVE-2023-45364 https://phabricator.wikimedia.org/T264765 Common Vulnerability Exposure (CVE) ID: CVE-2023-51704 https://phabricator.wikimedia.org/T347726 https://lists.debian.org/debian-lts-announce/2024/04/msg00018.html
Copyright	Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.