Urbanecm

Name of the Vulnerable Software and Affected Versions The Wikimedia Foundation Mediawiki - CentralAuth Extension (affected versions not specified) Description A flaw exists in the handling of sensitive information within the CentralAuth Extension of Mediawiki, potentially leading to resource leak exposure. This issue impacts non-release branches. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Echo versions prior to 1.43.7 Echo versions prior to 1.44.4 Echo versions prior to 1.45.2 **Description** Exposure of sensitive information to an unauthorized actor occurs in the program file `includes/Api/ApiEchoNotifications.Php`. **Recommendations** Update to version 1.43.7 or later. Update to version 1.44.4 or later. Update to version 1.45.2 or later.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.35.5 MediaWiki versions 1.36.x prior to 1.36.3 MediaWiki versions 1.37.x prior to 1.37.1 **Description** An issue allows some unprivileged users to view confidential information, such as IP addresses and User-Agent headers for election traffic, on a testwiki SecurePoll instance. **Recommendations** For MediaWiki versions prior to 1.35.5, update to version 1.35.5 or later. For MediaWiki versions 1.36.x prior to 1.36.3, update to version 1.36.3 or later. For MediaWiki versions 1.37.x prior to 1.37.1, update to version 1.37.1 or later.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions through 1.35.2 **Description** An issue in the CheckUser extension allows MediaWiki usernames with trailing whitespace to be stored in the cu log database table, causing denial of service for certain CheckUser extension pages and functionality. This could interfere with usage tracking, for example, by turning off Special:CheckUserLog. **Recommendations** For versions through 1.35.2, consider temporarily restricting access to the CheckUser extension until a fix is applied to prevent the storage of usernames with trailing whitespace in the cu log database table.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.31.10 MediaWiki versions 1.32.x through 1.34.3 **Description** An information leak was discovered due to incorrect handling of actor ID, which may not use the correct database or wiki. **Recommendations** For MediaWiki versions prior to 1.31.10, update to version 1.31.10 or later. For MediaWiki versions 1.32.x through 1.34.3, update to version 1.34.4 or later.