Platonides

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.20.3 **Description** The issue allows remote attackers to read arbitrary files via unspecified vectors in the maintenance/mwdoc-filter.php file. **Recommendations** For versions prior to 1.20.3, update to version 1.20.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MediaWiki CentralAuth extension versions prior to 1.19.9 MediaWiki CentralAuth extension versions 1.20.x prior to 1.20.8 MediaWiki CentralAuth extension versions 1.21.x prior to 1.21.3 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack user authentication for requests that login via vectors involving image loading. **Recommendations** For versions prior to 1.19.9, update to version 1.19.9 or later. For versions 1.20.x prior to 1.20.8, update to version 1.20.8 or later. For versions 1.21.x prior to 1.21.3, update to version 1.21.3 or later.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions 1.15 through 1.15.3 MediaWiki versions 1.16 through 1.16 beta 2 **Description** The issue allows remote attackers to hijack the authentication of other users for requests that create accounts or reset passwords, related to the `Special:Userlogin` form. This is a cross-site request forgery (CSRF) vulnerability in the login interface. **Recommendations** For MediaWiki versions 1.15 through 1.15.3, update to version 1.15.4 or later. For MediaWiki versions 1.16 through 1.16 beta 2, update to version 1.16 beta 3 or later. As a temporary workaround, consider restricting access to the `Special:Userlogin` form until a patch is available.