Rxy

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.33.1 **Description** The issue is related to the Special:Redirect function in MediaWiki, which allows information disclosure of suppressed usernames via a User ID Lookup. This is due to a lack of protection for internal data. An attacker can exploit this to gain unauthorized access to protected information by searching for user IDs. **Recommendations** For MediaWiki versions prior to 1.33.1, update to version 1.33.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Special:Redirect function until a patch is available. Avoid using the User ID Lookup feature in the affected Special:Redirect function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.32.2 MediaWiki versions prior to 1.31.2 MediaWiki versions prior to 1.30.2 MediaWiki versions prior to 1.27.6 **Description** The issue is related to incorrect access control in MediaWiki, allowing a remote attacker to gain unauthorized access to information. Specifically, the suppressed log in the RevisionDelete page is exposed. **Recommendations** For versions prior to 1.32.2, update to version 1.32.2 or later. For versions prior to 1.31.2, update to version 1.31.2 or later. For versions prior to 1.30.2, update to version 1.30.2 or later. For versions prior to 1.27.6, update to version 1.27.6 or later.

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31 before 1.31.1 MediaWiki version 1.30.1 MediaWiki version 1.29.3 MediaWiki version 1.27.5 Description: The issue is related to a flaw in the authentication procedure, allowing attackers to bypass CentralAuth's account lock. This can be exploited by remote attackers. The flaw is associated with BotPasswords. Recommendations: For MediaWiki version 1.31 before 1.31.1, update to version 1.31.1 or later. For MediaWiki version 1.30.1, consider upgrading to a newer version. For MediaWiki version 1.29.3, consider upgrading to a newer version. For MediaWiki version 1.27.5, consider upgrading to a newer version. As a temporary workaround, consider restricting the use of BotPasswords until a patch is available.