 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2023.0204 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2023-0204) |
| Summary: | The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2023-0204 advisory. |
| Description: | Summary: The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2023-0204 advisory. Vulnerability Insight: Bundled PapaParse copy in VisualEditor has known ReDos (CVE-2020-36649). An issue was discovered in MediaWiki before 1.35.9. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data (CVE-2022-47927). An issue was discovered in MediaWiki before 1.35.9. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow (CVE-2023-22909). An issue was discovered in MediaWiki before 1.35.9. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context (CVE-2023-22911). An issue was discovered in MediaWiki before 1.35.10. An auto-block can occur for an untrusted X-Forwarded-For header (CVE-2023-29141). OATHAuth allows replay attacks when MediaWiki is configured without ObjectCache, Insecure Default Configuration (T330086). Affected Software/OS: 'mediawiki' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-36649 https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621 https://github.com/mholt/PapaParse/issues/777 https://github.com/mholt/PapaParse/pull/779 https://github.com/mholt/PapaParse/releases/tag/5.2.0 https://vuldb.com/?ctiid.218004 https://vuldb.com/?id.218004 Common Vulnerability Exposure (CVE) ID: CVE-2022-47927 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/ https://security.gentoo.org/glsa/202305-24 https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/ https://phabricator.wikimedia.org/T322637 https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html Common Vulnerability Exposure (CVE) ID: CVE-2023-22909 https://phabricator.wikimedia.org/T320987 Common Vulnerability Exposure (CVE) ID: CVE-2023-2291 https://tenable.com/security/research/tra-2023-16 Common Vulnerability Exposure (CVE) ID: CVE-2023-29141 Debian Security Information: DSA-5447 (Google Search) https://www.debian.org/security/2023/dsa-5447 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/ https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39 https://phabricator.wikimedia.org/T285159 https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html |
| Copyright | Copyright (C) 2023 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |