PT-2019-5230 · Mediawiki+1
Bugreporter · Published 2019-12-10 · Updated 2023-02-01 · CVE-2019-19709
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
MediaWiki versions prior to 1.33.1
Description
The issue allows attackers to bypass the Title blacklist protection mechanism. This can be achieved by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the "action API" when editing that page. The vulnerability is related to redirecting URLs to untrusted sites, which can allow a remote attacker to gain unauthorized access to confidential data and impact data integrity.
Recommendations
For MediaWiki versions prior to 1.33.1, update to a version that contains a fix for this issue.
As a temporary workaround, consider restricting the use of the redirect=1 parameter in the action API until a patch is available.
Exploit
Fix
Open Redirect
Weakness Enumeration
Related identifiers
Affected products
Alt Linux
Mediawiki