websafe-kb/08-threat-intel/registry/advisories/mediawiki--9531fc3afb.json

{
"canonical_id": "mediawiki--9531fc3afb",
"system_id": "mediawiki",
"display_name": "MediaWiki",
"category": "cms",
"advisory_mode": "core",
"title": "[MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.14/1.43.4/1.44.1)",
"summary": "Greetings-\n\nWith the security/maintenance release of MediaWiki 1.39.14/1.43.4/1.44.1,\nwe would also like to provide this supplementary announcement of MediaWiki\nextensions and skins with now-public Phabricator tasks, security patches\nand backports [1]:\n\nLockdown\n+ (T397521, CVE-2025-12004) - Compare API module breaks Lockdown Extension\n(Note: this issue was resolved by a MediaWiki core patch)\nhttps://gerrit.wikimedia.org/r/q/Id275382743957004fa7fc56318fc104d8e2d267b\n\nDiscordNotifications\n+ (GHSA-gvfx-p3h5-qf65, CVE-2025-53371) - DOS, SSRF and possible RCE\nthrough requests to user-controlled URLs\nhttps://github.com/miraheze/DiscordNotifications/security/advisories/GHSA-gvfx-p3h5-qf65\nhttps://github.com/miraheze/DiscordNotifications/commit/1f20d850cbcce5b15951c7c6127b87b927a5415e\n\nDynamicPageList3\n+ (GHSA-7pgw-q3qp-6pgq, CVE-2025-53625) - Exposure of hidden/suppressed\nusernames\nhttps://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq\n\nLastModified\n+ (T399583, CVE-2025-62693) - Stored XSS through system messages\nhttps://gerrit.wikimedia.org/r/q/Ia406630dbac5ef9a9aed3f402f0ba6e434a6bcf2\n\nMultiBoilerplate\n+ (T399658, CVE-2025-62700) - Stored XSS through system messages\nhttps://gerrit.wikimedia.org/r/q/I10e205e3027d4772b2cd9801647fc6c171e4b35b\n\nExternalGuidance\n+ (T399662, CVE-2025-62698)- Stored XSS through system messages\nhttps://gerrit.wikimedia.org/r/q/I8bfb3c2766982f6633f47ed35720d4d9f51da71d\n\nLanguageSelector\n+(T399724, CVE-2025-62697) - Improperly sanitized style parameter in\nLanguageSelector\nhttps://gerrit.wikimedia.org/r/q/I338288e756de4e58a3f1f02a9c205b37f4927935\n\nTranslate\n+ (T399627, CVE-2025-62699) - Edits performed using the Special:Translate\ntool do not use the correct IP and User-Agent in the CheckUser tool\nhttps://gerrit.wikimedia.org/r/q/Idac164418362c65d0ad37055fe9e0ad134197da3\nhttps://gerrit.wikimedia.org/r/q/I65c740c8ca5130b40463d687e2f0775951abbf22\n\nSpringboard\n+ (T400422, CVE-2025-62696) - Multiple critical security issues including\nunauthenticated RCE\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/Springboard/+/1174003\n\nWikiLambda\n+ (T400500, CVE-2025-62695) - Stored XSS through system messages\nhttps://gerrit.wikimedia.org/r/q/Id6e96d54b4dd73af205c69ba8774c0fd51632c87\n\nWikiLove\n+ (T400525, CVE-2025-62694) - Stored XSS through system messages\nhttps://gerrit.wikimedia.org/r/q/I17fc061112f61b4c37b772410b265df060819416\n\nPageTriage\n+ (CVE-2025-62704, T400526) - Stored XSS through system messages\nhttps://gerrit.wikimedia.org/r/q/I86c5f17364c7351e7c06ce4cc6e5592467bc8dc3\n\nWikistories\n+ (CVE-2025-62701, T400545) - Stored XSS through system messages\nhttps://gerrit.wikimedia.org/r/q/I86c3bb7b7ce2d856cd2a5be787b703c85d7c41fa\n\nSkin:BlueSky\n+ (T401046, CVE-2025-62665) - Stored XSS through system messages\nhttps://gerrit.wikimedia.org/r/q/I64c9e2983ed6629505f72ef9449c09137b3c69ae\n\nTilesheets\n+ (GHSA-hqfr-7cm9-4h87, CVE-2025-54865) - Potential SQL injection\nhttps://github.com/FTB-Gamepedia/Tilesheets/security/advisories/GHSA-hqfr-7cm9-4h87\n\nImageRating\n+ (T402002, CVE-2025-62664) - Stored XSS through a system message\nhttps://gerrit.wikimedia.org/r/q/Ie42bba0d80bace319cf88d71233db1f598ac613b\n\nSecurePoll\n+ (T402076, CVE-2025-11937) - Stored XSS through a system message\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/SecurePoll/+/1189186\n\nUploadWizard\n+ (T402095, CVE-2025-62663) - Stored XSS through a system message\nhttps://gerrit.wikimedia.org/r/q/I37ea7c8825e9de776e207b3919b451ba2b905369\n\nAdvancedSearch\n+ (T402146, CVE-2025-62662) - Stored XSS through system messages\nhttps://gerrit.wikimedia.org/r/q/I91bba2b570643ef74e6c210e7250e05cd2aa388e\n\nCargo\n+ (T402147, CVE-2025-62671) - Stored XSS through wikitext\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1179707\n\nFlexDiagrams\n+ (T402149, CVE-2025-62670) - Stored XSS through a system message\nhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/FlexDiagrams/+/1179692\n\nThanks\n+ (T397497, CVE-2025-61654) - Incorrect permission checking\nhttps://gerrit.wikimedia.org/r/q/Idbc1b5a288ffaa7074eedcbac066358a8ec649dc\n\nGrowthExperiments\n+ (T397497, CVE-2025-61654) - Incorrect permission checking\nhttps://gerrit.wikimedia.org/r/q/Ia584966bb7d4d707eef50529293aa3d468470f18\n\nGrowthExperiments\n+ (T402698, CVE-2025-62667) - Stored XSS through article extracts\nhttps://gerrit.wikimedia.org/r/q/Iafd0acccf9a5c20d9e955d7bc3de1304968401ec\n\nCirrusSearch\n+ (T401220, CVE-2025-62666) - DoS vector through the cirrusbuilddoc query\nAPI\nhttps://gerrit.wikimedia.org/r/q/I3e8d819868c0491b18368af8e543180e747023c2\n\nWebAuthn\n+ (T403093, CVE-2025-62652) - Stored XSS in WebAuthn key name\nhttps://gerrit.wikimedia.org/r/q/I871ad11a68aad2a6389fdd918de5fcf0921f5a7c\n\nPollNY\n+ (T403923, CVE-2025-62653) - Stored XSS through system messages in PollNY\nhttps://gerrit.wikimedia.org/r/q/If235d6e6c1d37de6748ef4774cdb3438f52ac532\n\nQuizGame\n+ (T403924, CVE-2025-62654) - Stored XSS through system messages in QuizGame\nhttps://gerrit.wikimedia.org/r/q/Iafb81db227107cd8be204f1b6f4eccd06fbec8ce\n\n3DAlloy\n+ (GHSA-f2rp-232x-mqrh, CVE-2025-59332) - Stored XSS through attributes\nprovided to the 3d parser tag/function\nhttps://github.com/dolfinus/3DAlloy/security/advisories/GHSA-f2rp-232x-mqrh\n\nCargo\n+ (T404016, CVE-2025-62655) - SQL injection in Cargo via Special:CargoExport\nhttps://gerrit.wikimedia.org/r/q/I649ec974c33ad7c4e2338e2f5d8c497153dd6d25\nhttps://gerrit.wikimedia.org/r/q/I9039a39aa92de193a2f2e9816856adc8c757cf85\n\nWikiLambda\n+ (T404392) - Arbitrary HTML injection through error display on\nWikifunctions\nhttps://gerrit.wikimedia.org/r/q/T404392\n\nCookieConsent\n+ (T404475, CVE-2025-62659) - CookieConsent should use reserved data\nattributes to avoid potential XSS vectors\nhttps://gerrit.wikimedia.org/r/q/Ib6a53470f9f00fc180cac9fceddd0a3c43887825\n\nGlobalBlocking\n+ (T403291, CVE-2025-62656) - GlobalBlocking Special:GlobalBlockList\nvulnerable to message key stored XSS\nhttps://gerrit.wikimedia.org/r/q/I684c8ec425c7baa722a694ef23d5b6e2a4c3d57b\n\nPageForms\n+ (T405357, CVE-2025-62657) - Stored XSS through system messages in\nPageForms\nhttps://gerrit.wikimedia.org/r/q/Ic88edd43f356935767730a97ccaf841758c854f1\n\nEmbedVideo (fork)\n+ (GHSA-4j5h-mvj3-m48v, CVE-2025-59839) - Stored XSS through wikitext\ncaused by usage of non-reserved data attributes\nhttps://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo/security/advisories/GHSA-4j5h-mvj3-m48v\n\nWatchAnalytics\n+ (T406380, CVE-2025-62658) - SQL injection in WatchAnalytics through\nSpecial:ClearPendingReviews\nhttps://gerrit.wikimedia.org/r/q/I6c0018713e0fe0a2ec3610508ea3581e2c8035e4\n\nThe Wikimedia Security Team recommends updating these extensions and/or\nskins to the current master branch or relevant, supported release branch\n[2] as soon as possible. Some of the referenced Phabricator tasks above\n_may_ still be private. Unfortunately, when security issues are reported,\nsometimes sensitive information is exposed and since Phabricator is\nhistorical, we cannot make these tasks public without exposing this\nsensitive information. If you have any additional questions or concerns\nregarding this update, please feel free to contact security\uff20wikimedia.org\nor file a security task within Phabricator [3].\n\n[1] https://phabricator.wikimedia.org/T397776\n[2] https://www.mediawiki.org/wiki/Version_lifecycle\n[3] https://www.mediawiki.org/wiki/Reporting_security_bugs\n\n-- \nScott Bassett\nsbassett\uff20wikimedia.org",
"published_at": "Wed, 22 Oct 2025 21:44:43 +0000",
"updated_at": "Wed, 22 Oct 2025 21:44:43 +0000",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/4P2UZCT4UFX2JKILESDBKT3QQ3JHMWTN/",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"xss-output-encoding",
"authz-server-side-recheck",
"file-upload-validation",
"token-cookie-storage",
"ssrf-url-validation",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"entity_refs": [
{
"entity_id": "mediawiki",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mediawiki",
"official": true
}
],
"affected_components": [
{
"name": "MediaWiki",
"entity_id": "mediawiki",
"scope": "core",
"package_name": null,
"official": true
}
],
"affected_version_ranges": [],
"fixed_version_ranges": [],
"introduced_version": null,
"patched_version": null,
"version_evidence_sources": [
"https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/4P2UZCT4UFX2JKILESDBKT3QQ3JHMWTN/"
],
"advisory_scope": "core",
"version_confidence": "low",
"version_gap_reason": "official bulletin or aggregated source did not expose explicit affected/fixed versions",
"version_resolution_needed": true,
"workflow": {
"workflow_id": "mediawiki--9531fc3afb--workflow",
"vuln_family": "xss",
"entry_surface": "web-ui-render-path",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: \u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `core`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "editor-or-admin",
"affected_version_assertion": [
"\u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d"
],
"trigger_vector": "\u5bf9 `xss` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/admin/editor",
"/preview",
"/rendered-content"
],
"input_shape": "\u53d7\u63a7 HTML/Markdown/\u5bcc\u6587\u672c\u8f93\u5165\uff0c\u89c2\u5bdf\u6e32\u67d3\u4e0a\u4e0b\u6587\u662f\u5426\u5931\u53bb\u7f16\u7801\u6216\u51c0\u5316\u3002",
"expected_unsafe_behavior": "\u8f93\u5165\u5728\u76ee\u6807\u4e0a\u4e0b\u6587\u6267\u884c\u6216\u88ab\u6d4f\u89c8\u5668\u89e3\u91ca\u4e3a\u4e3b\u52a8\u5185\u5bb9\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `\u53d7\u5f71\u54cd\u7248\u672c\u533a\u95f4` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `\u4fee\u590d\u7248\u672c`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `xss` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "needs-version-gap-review"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"MediaWiki Announce RSS"
],
"source_kinds": [
"rss-feed"
],
"candidate_count": 1,
"entity_ref_count": 1,
"advisory_scope": "core",
"version_confidence": "low",
"workflow_id": "mediawiki--9531fc3afb--workflow"
}
}