File
websafe-kb/08-threat-intel/registry/advisories/mediawiki--5ae1c442a8.json
2026-03-21 18:18:55 -07:00

149 lines
14 KiB
JSON

{
"canonical_id": "mediawiki--5ae1c442a8",
"system_id": "mediawiki",
"display_name": "MediaWiki",
"category": "cms",
"advisory_mode": "core",
"title": "[MediaWiki-announce] Security and maintenance release: 1.39.12 / 1.42.6 / 1.43.1",
"summary": "I would like to announce the release of MediaWiki 1.39.12, 1.42.6 and\n1.43.1!\n\nThese releases serve as security and maintenance releases for these\nbranches.\n\nApologies for this release being late, it was due in the last week of\nMarch. Unfortunately, due to the ongoing events of\nhttps://meta.wikimedia.org/wiki/Wikimedia_Foundation/March_2025_discovery_of_account_compromises,\nthat took priority in terms of resources.\n\nThe tarballs have already been uploaded as of this email, and the git tags\nwill be pushed shortly.\n\nA \"MediaWiki Extensions Security Release Supplement\" e-mail will follow\nthis one, covering security updates for non-bundled extensions.\n\nReports of bugs with PHP 8.0, 8.1, 8.2, 8.3 and 8.4 support are\nparticularly welcome, and fixes will be back-ported when possible.\n\nAs part of the Wikimedia migration to PHP 8.1, bug fixes affecting PHP 8.0\nand 8.1 may have been backported to applicable releases. If you find issues\nthat haven't been backported, please report these too, referring to the\nrelevant supported release.\n\nPlease see https://phabricator.wikimedia.org/tag/php_8.0_support/,\nhttps://phabricator.wikimedia.org/tag/php_8.1_support/,\nhttps://phabricator.wikimedia.org/tag/php_8.2_support/,\nhttps://phabricator.wikimedia.org/tag/php_8.3_support/ and\nhttps://phabricator.wikimedia.org/tag/php_8.4_support/ for the relevant\nwork boards.\n\nAs a reminder, MediaWiki 1.35 became end of life (EOL) in December 2023,\nMediaWiki 1.40 became EOL in June 2024 and MediaWiki 1.41 became EOL in\nDecember 2024.\n\nMediaWiki 1.39 (old LTS) becomes EOL in November 2025.\n\nMediaWiki 1.43 becomes EOL in June 2025.\n\nIt is strongly recommended to upgrade as appropriate to either 1.42, which\nwill be supported until June 2025, or ideally to 1.43 (the next LTS after\n1.39), which will be supported until December 2027.\n\n== Security fixes ==\n\n* (T304474, CVE-2025-32696) SECURITY: Apply proper restrictions on file\nrevert action.\n* (T24521, T62109, T140010, CVE-2025-32697) SECURITY: PermissionManager:\nDifferentiate between cascading protection of file content and file pages.\n* (T385958, CVE-2025-32698) SECURITY: LogPager.php: Restriction enforcer\nfunctions do not correctly enforce suppression restrictions.\n* (T387130, CVE-2025-32699) SECURITY: Potential javascript injection attack\nenabled by Unicode normalization in Action API.\n* (T358689, CVE-2025-3469) SECURITY: i18n XSS vulnerability in\nHTMLMultiSelectField when sections are used.\n* (T389235 CVE-2025-32700) SECURITY: AbuseFilter log interfaces expose\nglobal private and hidden filters when central DB is not available.\n\n== Links to all mentioned tasks ==\n\n* https://phabricator.wikimedia.org/T24521\n* https://phabricator.wikimedia.org/T62109\n* https://phabricator.wikimedia.org/T140010\n* https://phabricator.wikimedia.org/T304474\n* https://phabricator.wikimedia.org/T358689\n* https://phabricator.wikimedia.org/T385958\n* https://phabricator.wikimedia.org/T387130\n* https://phabricator.wikimedia.org/T389235\n\n== Release notes ==\n\nFull release notes for 1.39.12:\nhttps://phabricator.wikimedia.org/diffusion/MW/browse/REL1_39/RELEASE-NOTES-1.39\nhttps://www.mediawiki.org/wiki/Release_notes/1.39\n\nFull release notes for 1.42.5:\nhttps://phabricator.wikimedia.org/diffusion/MW/browse/REL1_42/RELEASE-NOTES-1.42\nhttps://www.mediawiki.org/wiki/Release_notes/1.42\n\nFull release notes for 1.43.1:\nhttps://phabricator.wikimedia.org/diffusion/MW/browse/REL1_43/RELEASE-NOTES-1.43\nhttps://www.mediawiki.org/wiki/Release_notes/1.43\n\nFor information about how to upgrade, see\n<https://www.mediawiki.org/wiki/Manual:Upgrading>\n\n**********************************************************************\nDownload:\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.12.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.12.zip\n\nDownload without bundled extensions:\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.12.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.12.zip\n\nPatch to previous version (1.39.11):\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.12.patch.gz\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.12.patch.zip\n\nGPG signatures:\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.12.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.12.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.12.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.12.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.12.patch.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.12.patch.zip.sig\n\nPublic keys:\nhttps://www.mediawiki.org/keys/keys.html\n\n**********************************************************************\nDownload:\nhttps://releases.wikimedia.org/mediawiki/1.42/mediawiki-1.42.5.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.42/mediawiki-1.42.5.zip\n\nDownload without bundled extensions:\nhttps://releases.wikimedia.org/mediawiki/1.42/mediawiki-core-1.42.5.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.42/mediawiki-core-1.42.5.zip\n\nPatch to previous version (1.42.4):\nhttps://releases.wikimedia.org/mediawiki/1.42/mediawiki-1.42.5.patch.gz\nhttps://releases.wikimedia.org/mediawiki/1.42/mediawiki-1.42.5.patch.zip\n\nGPG signatures:\nhttps://releases.wikimedia.org/mediawiki/1.42/mediawiki-core-1.42.5.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.42/mediawiki-core-1.42.5.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.42/mediawiki-1.42.5.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.42/mediawiki-1.42.5.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.42/mediawiki-1.42.5.patch.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.42/mediawiki-1.42.5.patch.zip.sig\n\nPublic keys:\nhttps://www.mediawiki.org/keys/keys.html\n\n**********************************************************************\nDownload:\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.1.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.1.zip\n\nDownload without bundled extensions:\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-core-1.43.1.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-core-1.43.1.zip\n\nPatch to previous version (1.43.0):\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.1.patch.gz\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.1.patch.zip\n\nGPG signatures:\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-core-1.43.1.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-core-1.43.1.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.1.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.1.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.1.patch.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.1.patch.zip.sig\n\nPublic keys:\nhttps://www.mediawiki.org/keys/keys.html",
"published_at": "Thu, 10 Apr 2025 16:23:30 +0000",
"updated_at": "Thu, 10 Apr 2025 16:23:30 +0000",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/CIXFJVC57OFRBCCEIDRLZCLFGMYGEYTT/",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"xss-output-encoding",
"authz-server-side-recheck",
"file-upload-validation",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"entity_refs": [
{
"entity_id": "mediawiki",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mediawiki",
"official": true
}
],
"affected_components": [
{
"name": "MediaWiki",
"entity_id": "mediawiki",
"scope": "core",
"package_name": null,
"official": true
}
],
"affected_version_ranges": [],
"fixed_version_ranges": [],
"introduced_version": null,
"patched_version": null,
"version_evidence_sources": [
"https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/CIXFJVC57OFRBCCEIDRLZCLFGMYGEYTT/"
],
"affected_version_refs": [],
"fixed_version_refs": [],
"patched_version_refs": [],
"version_sync_confidence": "low",
"advisory_scope": "core",
"version_confidence": "low",
"version_gap_reason": "official bulletin or aggregated source did not expose explicit affected/fixed versions",
"version_resolution_needed": true,
"workflow": {
"workflow_id": "mediawiki--5ae1c442a8--workflow",
"vuln_family": "xss",
"entry_surface": "web-ui-render-path",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: \u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `core`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "editor-or-admin",
"affected_version_assertion": [
"\u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d"
],
"trigger_vector": "\u5bf9 `xss` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/admin/editor",
"/preview",
"/rendered-content"
],
"input_shape": "\u53d7\u63a7 HTML/Markdown/\u5bcc\u6587\u672c\u8f93\u5165\uff0c\u89c2\u5bdf\u6e32\u67d3\u4e0a\u4e0b\u6587\u662f\u5426\u5931\u53bb\u7f16\u7801\u6216\u51c0\u5316\u3002",
"expected_unsafe_behavior": "\u8f93\u5165\u5728\u76ee\u6807\u4e0a\u4e0b\u6587\u6267\u884c\u6216\u88ab\u6d4f\u89c8\u5668\u89e3\u91ca\u4e3a\u4e3b\u52a8\u5185\u5bb9\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `\u53d7\u5f71\u54cd\u7248\u672c\u533a\u95f4` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `\u4fee\u590d\u7248\u672c`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `xss` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "needs-version-gap-review"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"MediaWiki Announce RSS"
],
"source_kinds": [
"rss-feed"
],
"candidate_count": 1,
"entity_ref_count": 1,
"advisory_scope": "core",
"version_confidence": "low",
"workflow_id": "mediawiki--5ae1c442a8--workflow"
}
}