Suffusion_Of_Yellow

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.35.10 MediaWiki versions 1.36.x through 1.38.x before 1.38.6 MediaWiki versions 1.39.x before 1.39.3 **Description** An issue was discovered in MediaWiki where an auto-block can occur for an untrusted `X-Forwarded-For` header. **Recommendations** For MediaWiki versions prior to 1.35.10, update to version 1.35.10 or later. For MediaWiki versions 1.36.x through 1.38.x before 1.38.6, update to version 1.38.6 or later. For MediaWiki versions 1.39.x before 1.39.3, update to version 1.39.3 or later.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions through 1.36.2 **Description** An issue was discovered in SecurePoll in the Growth extension, where simple polls allow users to create alerts by changing their `User-Agent` HTTP header and submitting a vote. **Recommendations** For versions through 1.36.2, update to a version that contains a fix for this issue to prevent users from creating alerts by manipulating the `User-Agent` header.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions through 1.35.2 AbuseFilter extension for MediaWiki versions through 1.35.2 **Description** An issue in the AbuseFilter extension for MediaWiki allows the page recent contributors to leak the existence of certain deleted MediaWiki usernames, related to rev deleted. **Recommendations** For MediaWiki versions through 1.35.2, update to a version that contains a fix for this issue. For AbuseFilter extension for MediaWiki versions through 1.35.2, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions through 1.35.2 AbuseFilter extension for MediaWiki through 1.35.2 **Description** An issue in the AbuseFilter extension for MediaWiki reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules, specifically through the AbuseFilterCheckMatch API. **Recommendations** For MediaWiki versions through 1.35.2, update to a version that contains a fix for this issue. For the AbuseFilter extension, consider temporarily disabling the AbuseFilterCheckMatch API until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.31.10 MediaWiki versions 1.32.x through 1.34.x before 1.34.4 **Description** The issue is related to insufficient restriction of authentication attempts in the OATHAuth extension for MediaWiki. This can be exploited by a remote attacker to bypass security restrictions using a brute force attack. For wikis using OATHAuth on a farm or cluster, such as via CentralAuth, rate limiting of OATH tokens is only done on a single site level, allowing multiple requests to be made across many wikis or sites concurrently. **Recommendations** For MediaWiki versions prior to 1.31.10, update to version 1.31.10 or later. For MediaWiki versions 1.32.x through 1.34.x, update to version 1.34.4 or later. As a temporary workaround, consider implementing additional rate limiting measures for OATH tokens across all sites in a farm or cluster to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions 1.34 through 1.35 **Description** The issue concerns the MinervaNeue Skin in MediaWiki, where it mishandles certain HTML attributes. This can lead to XSS when using `onmouseover` within an `IMG` tag, and it can also disclose the client's IP address when using `src=http` within an `IMG` tag. This issue can occur within a talk page topical header viewed in a mobile context using MobileFrontend. **Recommendations** For versions 1.34 through 1.35, update to a version that fixes the handling of HTML attributes in the MinervaNeue Skin to prevent XSS and IP address disclosure.

**Name of the Vulnerable Software and Affected Versions** MediaWiki AbuseFilter extension versions through 1.34 **Description** An issue in the AbuseFilter extension can expose previous versions of a specific abuse filter once it has been made public, potentially disclosing private or sensitive information within the filter's definition. **Recommendations** For versions through 1.34, consider restricting access to abuse filter definitions to minimize the risk of sensitive information disclosure until a fix is available.