St47

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 Description: An issue was discovered in the CentralAuth extension. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value (`MaxNameChars`). Recommendations: For MediaWiki versions through 1.36, consider restricting the `MaxNameChars` configuration value to prevent usernames from exceeding the maximum allowed length, thereby mitigating the risk of infinite loops and denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.