websafe-kb/08-threat-intel/registry/advisories/mediawiki--1da990d870.json

{
  "canonical_id": "mediawiki--1da990d870",
  "system_id": "mediawiki",
  "display_name": "MediaWiki",
  "category": "cms",
  "advisory_mode": "core",
  "title": "[MediaWiki-announce] Re: The Recent MediaWiki Extensions and Skins Security Release Supplement",
  "summary": "Hello -\n\nOne small correction regarding the recent MediaWiki Extensions and Skins\nSecurity Release Supplement announcement emails - within their email\nsubject and the first paragraph of the announcement, it was stated that\nthese releases were for MediaWiki versions 1.39.9, 1.41.3 and 1.42.2. This\nis incorrect.  The correct versions for this release are 1.39.12, 1.42.6\nand 1.43.1 per the now-public security release task [0].  We apologize for\nthis error.\n\n[0] https://phabricator.wikimedia.org/T382326\n\n-- \nScott Bassett\nsbassett\uff20wikimedia.org",
  "published_at": "Fri, 11 Apr 2025 20:34:58 +0000",
  "updated_at": "Fri, 11 Apr 2025 20:34:58 +0000",
  "severity": "unknown",
  "cvss_score": null,
  "exploit_status": "unknown",
  "source_confidence": "official",
  "official_source_url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/JURTP3O5CLKAIWGVGELFKP7VCDWVQBBJ/",
  "secondary_source_urls": [],
  "aliases": [],
  "cve_ids": [],
  "ghsa_ids": [],
  "osv_ids": [],
  "affected_versions": [],
  "fixed_versions": [],
  "package_name": null,
  "render_markdown": false,
  "case_path": null,
  "secure_code_topics": [
    "xss-output-encoding",
    "authz-server-side-recheck",
    "file-upload-validation",
    "plugin-extension-trust-policy"
  ],
  "status": "triage",
  "triage_reasons": [
    "missing affected/fixed version details"
  ],
  "verification_status": "triage-manual",
  "verification_mode": "synthetic",
  "last_verified_at": null,
  "last_run_id": null,
  "evidence_bundle": null,
  "historical_status": null,
  "latest_status": null,
  "browser_evidence": {
    "required": false,
    "present": false,
    "refs": []
  },
  "repro_profile_id": "xss-generic",
  "artifact_mode": "synthetic",
  "blocked_reason": null,
  "metadata": {
    "source_names": [
      "MediaWiki Announce RSS"
    ],
    "source_kinds": [
      "rss-feed"
    ],
    "candidate_count": 1
  }
}