Mark Bergsma

Name of the Vulnerable Software and Affected Versions: MediaWiki CentralNotice extension versions 1.19.x through 1.19.8 MediaWiki CentralNotice extension versions 1.20.x through 1.20.7 MediaWiki CentralNotice extension versions 1.21.x through 1.21.2 Description: The issue allows remote attackers to authenticate as a created user due to the Cache-Control header setting to cache session cookies when a user is autocreated. Recommendations: For versions 1.19.x through 1.19.8, update to version 1.19.9 or later. For versions 1.20.x through 1.20.7, update to version 1.20.8 or later. For versions 1.21.x through 1.21.2, update to version 1.21.3 or later.