Urbanecm_Wmf

Name of the Vulnerable Software and Affected Versions Mediawiki - GrowthExperiments Extension versions 1.45.2, 1.44.4, and 1.43.7 Description The Mediawiki - GrowthExperiments Extension contains a flaw related to an infinite loop. This condition can be leveraged to create Time-of-Check and Time-of-Use (TOCTOU) race conditions. Recommendations Update to a newer version of the Mediawiki - GrowthExperiments Extension that addresses this issue.

**Name of the Vulnerable Software and Affected Versions** Mediawiki - GrowthExperiments Extension versions prior to 1.39 **Description** A default permissions issue exists in the Wikimedia Foundation Mediawiki - GrowthExperiments Extension that can lead to resource leak exposure. **Recommendations** Update to version 1.39 or later.

Name of the Vulnerable Software and Affected Versions: Mediawiki - Growth Experiments Extension versions 1.39 through 1.43 Description: The issue is related to Improper Input Validation in the Mediawiki - Growth Experiments Extension, which allows Cross-Site Scripting (XSS). Recommendations: For versions 1.39 through 1.43, update to a version that fixes the Improper Input Validation issue to prevent Cross-Site Scripting (XSS).

Name of the Vulnerable Software and Affected Versions: Mediawiki - GrowthExperiments versions 1.39 through 1.43 Description: The issue is related to an Improper Input Validation vulnerability, which allows for HTTP Denial of Service (DoS). This vulnerability affects the Mediawiki - GrowthExperiments extension. Recommendations: For versions 1.39 through 1.43, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GrowthExperiments extension for MediaWiki versions 1.39 and earlier **Description** The issue allows blocked users to enroll as mentors or edit their mentorship-related properties through the "growthmanagementorlist" API endpoint. This affects users blocked in ApiManageMentorList. **Recommendations** For versions 1.39 and earlier, as a temporary workaround, consider disabling the `growthmanagementorlist` API endpoint until a patch is available. Restrict access to the ApiManageMentorList to minimize the risk of exploitation. Avoid using the `growthmanagementorlist` API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions 1.38.2 and earlier **Description** An issue was discovered in the community configuration pages for the GrowthExperiments extension, which could cause a site to become unavailable due to insufficient validation when certain actions, including page moves, were performed. **Recommendations** For MediaWiki versions 1.38.2 and earlier, consider disabling the GrowthExperiments extension until a patch is available. Restrict access to the community configuration pages to minimize the risk of exploitation. Avoid performing certain actions, such as page moves, on these pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions through 1.36.2 GrowthExperiments extension in MediaWiki versions through 1.36.2 **Description** An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized, allowing for the injection and execution of HTML and JavaScript. **Recommendations** For MediaWiki versions through 1.36.2, update to a version that properly sanitizes the growthexperiments-edit-config-error-invalid-title MediaWiki message to prevent HTML and JavaScript injection. For the GrowthExperiments extension in MediaWiki versions through 1.36.2, ensure that the SpecialEditGrowthConfig properly sanitizes user input to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions through 1.36.2 **Description** An issue was discovered in the Growth extension in MediaWiki. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits. **Recommendations** For MediaWiki versions through 1.36.2, update to a version that contains a fix for this issue to prevent arbitrary JavaScript code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.36.2 **Description** An issue was discovered in the Growth extension in MediaWiki. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload, such as an alert, via `Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback`. **Recommendations** For MediaWiki versions prior to 1.36.2, update to version 1.36.2 or later to resolve the issue. As a temporary workaround, consider disabling the Mentor Dashboard feature until a patch is available. Restrict access to the `Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions through 1.36.2 **Description** An issue was discovered in the Mentor dashboard in the GrowthExperiments extension where certain MediaWiki messages were not properly sanitized. This allowed for the injection and execution of HTML and JavaScript, specifically affecting the growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago messages. **Recommendations** For MediaWiki versions through 1.36.2, ensure that the MediaWiki messages are properly sanitized to prevent HTML and JavaScript injection. As a temporary workaround, consider restricting access to the Mentor dashboard in the GrowthExperiments extension until a proper fix is applied.