Kostajh

Name of the Vulnerable Software and Affected Versions The Wikimedia Foundation Mediawiki - CentralAuth Extension (affected versions not specified) Description A flaw exists in the handling of sensitive information within the CentralAuth Extension of Mediawiki, potentially leading to resource leak exposure. This issue impacts non-release branches. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wikimedia Foundation CheckUser versions 1.45.0 through 1.45.1 **Description** An issue exists that allows the exposure of sensitive information to an unauthorized actor. **Recommendations** Update to version 1.45.2.

**Name of the Vulnerable Software and Affected Versions** GrowthExperiments extension for MediaWiki versions through 1.39.3 **Description** An issue in the GrowthExperiments extension for MediaWiki allows the UserImpactHandler to inadvertently return the timezone preference for arbitrary users. This can be used to de-anonymize users. **Recommendations** For versions through 1.39.3, consider disabling the UserImpactHandler for GrowthExperiments until a patch is available to prevent the potential de-anonymization of users.