Dom_Walden

**Name of the Vulnerable Software and Affected Versions** Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension versions 1.43 through 1.43.99 **Description** A flaw exists in the Mediawiki - Thanks Extension and Mediawiki - Growth Experiments Extension where default permissions are improperly configured, leading to access of functionality that is not adequately restricted by Access Control Lists (ACLs). **Recommendations** Update to version 1.44 or later.

**Name of the Vulnerable Software and Affected Versions** Wikimedia Foundation Mediawiki - CentralAuth Extension versions prior to 1.39 **Description** A resource leak exposure exists in the Wikimedia Foundation Mediawiki - CentralAuth Extension. This allows for the potential exposure of sensitive information to an unauthorized actor. **Recommendations** Update to version 1.39 or later.

**Name of the Vulnerable Software and Affected Versions** MediaWiki GlobalBlocking Extension (affected versions not specified) **Description** The issue concerns an Exposure of Sensitive Information to an Unauthorized Actor, allowing the retrieval of embedded sensitive data. It briefly impacted the master branch of MediaWiki’s GlobalBlocking Extension. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaWiki AbuseFilter extension versions prior to 1.39.9 MediaWiki AbuseFilter extension versions 1.40.x MediaWiki AbuseFilter extension versions 1.41.x prior to 1.41.3 MediaWiki AbuseFilter extension versions 1.42.x prior to 1.42.2 **Description** An issue was discovered in the AbuseFilter extension for MediaWiki. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter. **Recommendations** For versions prior to 1.39.9, update to version 1.39.9 or later. For versions 1.40.x, update to version 1.41.3 or later. For versions 1.41.x prior to 1.41.3, update to version 1.41.3 or later. For versions 1.42.x prior to 1.42.2, update to version 1.42.2 or later.

**Name of the Vulnerable Software and Affected Versions** MediaWiki CheckUser extension versions 1.35.12 and earlier, versions 1.36.x through 1.39.x before 1.39.5, and versions 1.40.x before 1.40.1 **Description** An issue was discovered in the CheckUser extension for MediaWiki. A user can use a "rest.php/checkuser/v0/useragent-clienthints/revision/" URL to store an arbitrary number of rows in `cu useragent clienthints`, leading to a denial of service. The exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For MediaWiki CheckUser extension versions 1.35.12 and earlier, update to version 1.35.12 or later. For MediaWiki CheckUser extension versions 1.36.x through 1.39.x before 1.39.5, update to version 1.39.5 or later. For MediaWiki CheckUser extension versions 1.40.x before 1.40.1, update to version 1.40.1 or later. As a temporary workaround, consider restricting access to the "rest.php/checkuser/v0/useragent-clienthints/revision/" URL to minimize the risk of exploitation.