Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-62669 (GCVE-0-2025-62669)
Vulnerability from cvelistv5 – Published: 2025-10-18 04:34 – Updated: 2025-10-20 16:28
VLAI
EPSS
Title
UserInfoCard: activeLocalBlocksAllWikis does not do permissions checks
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Wikimedia Foundation | Mediawiki - CentralAuth Extension |
Affected:
master , < 1.39
(semver)
|
Credits
dom_walden
mszabo
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62669",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T16:28:07.424582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T16:28:10.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://phabricator.wikimedia.org/T400892"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mediawiki - CentralAuth Extension",
"vendor": "The Wikimedia Foundation",
"versions": [
{
"lessThan": "1.39",
"status": "affected",
"version": "master",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "dom_walden"
},
{
"lang": "en",
"type": "finder",
"value": "mszabo"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.\u003cp\u003eThis issue affects Mediawiki - CentralAuth Extension: from master before 1.39.\u003c/p\u003e"
}
],
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39."
}
],
"impacts": [
{
"capecId": "CAPEC-131",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-131 Resource Leak Exposure"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-18T04:34:34.614Z",
"orgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"shortName": "wikimedia-foundation"
},
"references": [
{
"url": "https://phabricator.wikimedia.org/T400892"
},
{
"url": "https://gerrit.wikimedia.org/r/q/I15b14cbff28ba769e72e4d037306d2395e74ad85"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "UserInfoCard: activeLocalBlocksAllWikis does not do permissions checks",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"assignerShortName": "wikimedia-foundation",
"cveId": "CVE-2025-62669",
"datePublished": "2025-10-18T04:34:34.614Z",
"dateReserved": "2025-10-18T04:03:51.880Z",
"dateUpdated": "2025-10-20T16:28:10.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-62669",
"date": "2026-06-08",
"epss": "0.00062",
"percentile": "0.19418"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-62669\",\"sourceIdentifier\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\",\"published\":\"2025-10-18T05:15:34.573\",\"lastModified\":\"2025-10-21T19:31:25.450\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"references\":[{\"url\":\"https://gerrit.wikimedia.org/r/q/I15b14cbff28ba769e72e4d037306d2395e74ad85\",\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\"},{\"url\":\"https://phabricator.wikimedia.org/T400892\",\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\"},{\"url\":\"https://phabricator.wikimedia.org/T400892\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-62669\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-20T16:28:07.424582Z\"}}}], \"references\": [{\"url\": \"https://phabricator.wikimedia.org/T400892\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-20T16:28:00.418Z\"}}], \"cna\": {\"title\": \"UserInfoCard: activeLocalBlocksAllWikis does not do permissions checks\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"dom_walden\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"mszabo\"}], \"impacts\": [{\"capecId\": \"CAPEC-131\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-131 Resource Leak Exposure\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"The Wikimedia Foundation\", \"product\": \"Mediawiki - CentralAuth Extension\", \"versions\": [{\"status\": \"affected\", \"version\": \"master\", \"lessThan\": \"1.39\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://phabricator.wikimedia.org/T400892\"}, {\"url\": \"https://gerrit.wikimedia.org/r/q/I15b14cbff28ba769e72e4d037306d2395e74ad85\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.\u003cp\u003eThis issue affects Mediawiki - CentralAuth Extension: from master before 1.39.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\", \"shortName\": \"wikimedia-foundation\", \"dateUpdated\": \"2025-10-18T04:34:34.614Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-62669\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-20T16:28:10.550Z\", \"dateReserved\": \"2025-10-18T04:03:51.880Z\", \"assignerOrgId\": \"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\", \"datePublished\": \"2025-10-18T04:34:34.614Z\", \"assignerShortName\": \"wikimedia-foundation\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Title
Mediawiki - CentralAuth Extension资源泄露漏洞
Description
Mediawiki - CentralAuth Extension是MediaWiki的扩展,专为维基媒体项目设计,用于管理跨站点的用户账户合并、锁定、重命名等操作。
Mediawiki - CentralAuth Extension存在资源泄露漏洞,该漏洞源于敏感信息暴露,攻击者可利用该漏洞导致资源泄露。
Severity
高
Patch Name
Mediawiki - CentralAuth Extension资源泄露漏洞的补丁
Patch Description
Mediawiki - CentralAuth Extension是MediaWiki的扩展,专为维基媒体项目设计,用于管理跨站点的用户账户合并、锁定、重命名等操作。
Mediawiki - CentralAuth Extension存在资源泄露漏洞,该漏洞源于敏感信息暴露,攻击者可利用该漏洞导致资源泄露。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级程序修复该安全问题,详情见厂商官网: https://phabricator.wikimedia.org/T400892
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-62669
Impacted products
| Name | MediaWiki Mediawiki - CentralAuth Extension <1.39 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-62669",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-62669"
}
},
"description": "Mediawiki - CentralAuth Extension\u662fMediaWiki\u7684\u6269\u5c55\uff0c\u4e13\u4e3a\u7ef4\u57fa\u5a92\u4f53\u9879\u76ee\u8bbe\u8ba1\uff0c\u7528\u4e8e\u7ba1\u7406\u8de8\u7ad9\u70b9\u7684\u7528\u6237\u8d26\u6237\u5408\u5e76\u3001\u9501\u5b9a\u3001\u91cd\u547d\u540d\u7b49\u64cd\u4f5c\u3002\n\nMediawiki - CentralAuth Extension\u5b58\u5728\u8d44\u6e90\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u654f\u611f\u4fe1\u606f\u66b4\u9732\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8d44\u6e90\u6cc4\u9732\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51:\r\nhttps://phabricator.wikimedia.org/T400892",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-29383",
"openTime": "2025-11-26",
"patchDescription": "Mediawiki - CentralAuth Extension\u662fMediaWiki\u7684\u6269\u5c55\uff0c\u4e13\u4e3a\u7ef4\u57fa\u5a92\u4f53\u9879\u76ee\u8bbe\u8ba1\uff0c\u7528\u4e8e\u7ba1\u7406\u8de8\u7ad9\u70b9\u7684\u7528\u6237\u8d26\u6237\u5408\u5e76\u3001\u9501\u5b9a\u3001\u91cd\u547d\u540d\u7b49\u64cd\u4f5c\u3002\r\n\r\nMediawiki - CentralAuth Extension\u5b58\u5728\u8d44\u6e90\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u654f\u611f\u4fe1\u606f\u66b4\u9732\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8d44\u6e90\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mediawiki - CentralAuth Extension\u8d44\u6e90\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "MediaWiki Mediawiki - CentralAuth Extension \u003c1.39"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-62669",
"serverity": "\u9ad8",
"submitTime": "2025-10-23",
"title": "Mediawiki - CentralAuth Extension\u8d44\u6e90\u6cc4\u9732\u6f0f\u6d1e"
}
FKIE_CVE-2025-62669
Vulnerability from fkie_nvd - Published: 2025-10-18 05:15 - Updated: 2026-04-15 00:35
Severity
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39."
}
],
"id": "CVE-2025-62669",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary"
}
]
},
"published": "2025-10-18T05:15:34.573",
"references": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"url": "https://gerrit.wikimedia.org/r/q/I15b14cbff28ba769e72e4d037306d2395e74ad85"
},
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"url": "https://phabricator.wikimedia.org/T400892"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://phabricator.wikimedia.org/T400892"
}
],
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary"
}
]
}
GHSA-54M9-295V-M438
Vulnerability from github – Published: 2025-10-18 06:30 – Updated: 2025-10-18 06:30
VLAI
Details
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39.
Severity
{
"affected": [],
"aliases": [
"CVE-2025-62669"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-18T05:15:34Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39.",
"id": "GHSA-54m9-295v-m438",
"modified": "2025-10-18T06:30:25Z",
"published": "2025-10-18T06:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62669"
},
{
"type": "WEB",
"url": "https://gerrit.wikimedia.org/r/q/I15b14cbff28ba769e72e4d037306d2395e74ad85"
},
{
"type": "WEB",
"url": "https://phabricator.wikimedia.org/T400892"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
WID-SEC-W-2025-2336
Vulnerability from csaf_certbund - Published: 2025-10-19 22:00 - Updated: 2025-10-22 22:00Summary
MediaWiki Extensions: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: MediaWiki ist ein freies Wiki, das ursprünglich für den Einsatz auf Wikipedia entwickelt wurde.
Angriff: Ein Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um Cross-Site-Scripting-Angriffe durchzuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
References
19 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "MediaWiki ist ein freies Wiki, das urspr\u00fcnglich f\u00fcr den Einsatz auf Wikipedia entwickelt wurde.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um Cross-Site-Scripting-Angriffe durchzuf\u00fchren, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2336 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2336.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2336 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2336"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11937"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62508"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62652"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62653"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62654"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62655"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62662"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62663"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62664"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62665"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62666"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62667"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62668"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62669"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62670"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62671"
},
{
"category": "external",
"summary": "MediaWiki Extensions and Skins Security Release Supplement (1.39.14/1.43.4/1.44.1)",
"url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/4P2UZCT4UFX2JKILESDBKT3QQ3JHMWTN/"
}
],
"source_lang": "en-US",
"title": "MediaWiki Extensions: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-22T22:00:00.000+00:00",
"generator": {
"date": "2025-10-23T08:39:02.651+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2336",
"initial_release_date": "2025-10-19T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-22T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.39.14",
"product": {
"name": "Open Source MediaWiki \u003c1.39.14",
"product_id": "T047373"
}
},
{
"category": "product_version",
"name": "1.39.14",
"product": {
"name": "Open Source MediaWiki 1.39.14",
"product_id": "T047373-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.39.14"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.43.4",
"product": {
"name": "Open Source MediaWiki \u003c1.43.4",
"product_id": "T047374"
}
},
{
"category": "product_version",
"name": "1.43.4",
"product": {
"name": "Open Source MediaWiki 1.43.4",
"product_id": "T047374-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.43.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.44.1",
"product": {
"name": "Open Source MediaWiki \u003c1.44.1",
"product_id": "T047375"
}
},
{
"category": "product_version",
"name": "1.44.1",
"product": {
"name": "Open Source MediaWiki 1.44.1",
"product_id": "T047375-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.44.1"
}
}
},
{
"category": "product_version",
"name": "WebAuthn extension",
"product": {
"name": "Open Source MediaWiki WebAuthn extension",
"product_id": "T047804",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:webauthn_extension"
}
}
},
{
"category": "product_version",
"name": "PollNY extension",
"product": {
"name": "Open Source MediaWiki PollNY extension",
"product_id": "T047805",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:pollny_extension"
}
}
},
{
"category": "product_version_range",
"name": "Citizen \u003c3.9.0",
"product": {
"name": "Open Source MediaWiki Citizen \u003c3.9.0",
"product_id": "T047806"
}
},
{
"category": "product_version",
"name": "Citizen 3.9.0",
"product": {
"name": "Open Source MediaWiki Citizen 3.9.0",
"product_id": "T047806-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:citizen__3.9.0"
}
}
},
{
"category": "product_version",
"name": "QuizGame extension",
"product": {
"name": "Open Source MediaWiki QuizGame extension",
"product_id": "T047807",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:quizgame_extension"
}
}
},
{
"category": "product_version",
"name": "Cargo extension",
"product": {
"name": "Open Source MediaWiki Cargo extension",
"product_id": "T047808",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:cargo_extension"
}
}
},
{
"category": "product_version_range",
"name": "AdvancedSearch Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki AdvancedSearch Extension \u003c1.39",
"product_id": "T047809"
}
},
{
"category": "product_version",
"name": "AdvancedSearch Extension 1.39",
"product": {
"name": "Open Source MediaWiki AdvancedSearch Extension 1.39",
"product_id": "T047809-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:advancedsearch_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "UploadWizard Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki UploadWizard Extension \u003c1.39",
"product_id": "T047810"
}
},
{
"category": "product_version",
"name": "UploadWizard Extension 1.39",
"product": {
"name": "Open Source MediaWiki UploadWizard Extension 1.39",
"product_id": "T047810-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:uploadwizard_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "ImageRating Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki ImageRating Extension \u003c1.39",
"product_id": "T047811"
}
},
{
"category": "product_version",
"name": "ImageRating Extension 1.39",
"product": {
"name": "Open Source MediaWiki ImageRating Extension 1.39",
"product_id": "T047811-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:imagerating_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "Skin:BlueSky Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki Skin:BlueSky Extension \u003c1.39",
"product_id": "T047812"
}
},
{
"category": "product_version",
"name": "Skin:BlueSky Extension 1.39",
"product": {
"name": "Open Source MediaWiki Skin:BlueSky Extension 1.39",
"product_id": "T047812-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:skinbluesky_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "CirrusSearch Extension \u003c1.43",
"product": {
"name": "Open Source MediaWiki CirrusSearch Extension \u003c1.43",
"product_id": "T047814"
}
},
{
"category": "product_version",
"name": "CirrusSearch Extension 1.43",
"product": {
"name": "Open Source MediaWiki CirrusSearch Extension 1.43",
"product_id": "T047814-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:cirrussearch_extension__1.43"
}
}
},
{
"category": "product_version_range",
"name": "GrowthExperiments Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki GrowthExperiments Extension \u003c1.39",
"product_id": "T047815"
}
},
{
"category": "product_version",
"name": "GrowthExperiments Extension 1.39",
"product": {
"name": "Open Source MediaWiki GrowthExperiments Extension 1.39",
"product_id": "T047815-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:growthexperiments_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "CentralAuth Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki CentralAuth Extension \u003c1.39",
"product_id": "T047817"
}
},
{
"category": "product_version",
"name": "CentralAuth Extension 1.39",
"product": {
"name": "Open Source MediaWiki CentralAuth Extension 1.39",
"product_id": "T047817-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:centralauth_extension__1.39"
}
}
},
{
"category": "product_version",
"name": "Cargo Extension",
"product": {
"name": "Open Source MediaWiki Cargo Extension",
"product_id": "T047819",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:cargo_extension"
}
}
},
{
"category": "product_version",
"name": "SecurePoll Extension",
"product": {
"name": "Open Source MediaWiki SecurePoll Extension",
"product_id": "T047820",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:securepoll_extension"
}
}
},
{
"category": "product_version",
"name": "FlexDiagrams Extension",
"product": {
"name": "Open Source MediaWiki FlexDiagrams Extension",
"product_id": "T047821",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:flexdiagrams_extension"
}
}
}
],
"category": "product_name",
"name": "MediaWiki"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11937",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-11937"
},
{
"cve": "CVE-2025-62508",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62508"
},
{
"cve": "CVE-2025-62652",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62652"
},
{
"cve": "CVE-2025-62653",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62653"
},
{
"cve": "CVE-2025-62654",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62654"
},
{
"cve": "CVE-2025-62655",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62655"
},
{
"cve": "CVE-2025-62662",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62662"
},
{
"cve": "CVE-2025-62663",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62663"
},
{
"cve": "CVE-2025-62664",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62664"
},
{
"cve": "CVE-2025-62665",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62665"
},
{
"cve": "CVE-2025-62666",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62666"
},
{
"cve": "CVE-2025-62667",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62667"
},
{
"cve": "CVE-2025-62668",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62668"
},
{
"cve": "CVE-2025-62669",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62669"
},
{
"cve": "CVE-2025-62670",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62670"
},
{
"cve": "CVE-2025-62671",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62671"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…