hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动
文件
e82b7d8cf60bdf02a33db064bd1e04e2093e200d
websafe-kb/08-threat-intel/registry/advisories/mediawiki--e7b4a9ed1c.json

146 行
11 KiB
JSON
原始文件 Blame 文件历史

{
"canonical_id": "mediawiki--e7b4a9ed1c",
"system_id": "mediawiki",
"display_name": "MediaWiki",
"category": "cms",
"advisory_mode": "core",
"title": "[MediaWiki-announce] Announcing MediaWiki 1.45.0",
"summary": "I am happy to announce the availability of the general release of MediaWiki\n1.45!\n\nTarballs have already been uploaded, and the git tag has been pushed.\n\nThanks to everyone who helped out with this release, especially thanks to\nthose who tested out the release candidate and provided feedback, as well\nas the developers who worked on fixes for the 1.45 final release. To see\nwhat's changed in 1.45, see the release notes file.[0] If you encounter any\nissues, please file a task.[1] You can see open tasks for the branch on\nPhabricator.[2]\n\nMediaWiki 1.45 is due to be supported until the end of December 2026.\n\nIt is noted that MediaWiki 1.39 is due to become end-of-life at the end of\nDecember 31st 2025. A formal announcement will be made soon, and will\nco-incide with the next security and maintenance release.\n\n=== Changes since MediaWiki 1.45.0-rc.0 ===\n* (T411580) REST: add explicit cast to sitemapSize calcuation to avoid\nwarning\n* UserGroupManager: Remove unused $recursionMap\n* (T351953) findBadBlobs: Fix the --scan-to option\n* (T411199) initEditCount: Fix count for users with no edits\n* (T406374) htmlform: Load ooui before infusing field cloner buttons\n* (T391882) HTMLFormFieldCloner: Fix multiple bugs related to conditional\nstates\n* (T296188) MessagesZh*.php: Restore missing special page aliases\n* (T411214) ApiResult: Fix \"ord(): Providing a string that is not one byte\nlong is deprecated.\"\n* (T358666) Drop PHP 8.1 support\n* (T410914) Language: Fix PHP 8.5 warnings for NAN/INF string coercion in\nparseFormattedNumber\n* (T410914) Language: Fix PHP 8.5 warnings for NAN/INF string coercion in\nformatNumInternal\n* (T411018) IndexPager: Set '' as default value for 'order'\n* (T409718) Remove SpecialUserRightsChangeableGroups hook\n* (T411075) Api: Initialise reference variable\n* Api: Avoid re-stashing on publish with warnings via action=upload\n* RELEASE-NOTES-1.45: Add entry for jqueryMsg self-closing tag support\n* (T295568) mediawiki.jqueryMsg: Support self-closing HTML tags\n* (T411016) Upgrading wikimedia/cldr-plural-rule-parser (v2.0.0 => v3.0.0)\n* (T410963) Upgrade wikimedia/xmp-reader from 0.10.1 to 0.10.2\n* tests: Fix \uff20covers of MediaWiki\\Languages to MediaWiki\\Language\n* (T410920) Language: Prevent passing '' to ord() in lcfirst()\n* (T410912) Language: Fix \"ord(): Providing a string that is not one byte\nlong is deprecated.\"\n* (T410920) Language: Prevent passing '' to ord() in ucfirst()\n* (T410912) MessageCache: Fix \"ord(): Providing a string that is not one\nbyte long is deprecated.\"\n* (T405450) session: Use fresh MW services container in CLI mode (take 2)\n* (T405450) session: Use fresh MW services container in CLI mode\n* (T410934) Remove noop xml_parser_free() calls\n* (T401995) SECURITY: Disable xslt option by default\n* (T410928) resourceloader: Fix null offset in ClientHtml module sorting\n* (T410913) SpecialVersion: Fix \"Cannot use bool as array\" warning\n\nRelease notes:\n[0]\nhttps://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/refs/heads/REL1_45/RELEASE-NOTES-1.45\n\nBug report form:\n[1]\nhttps://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.45-Release\n\nOpen Bugs:\n[2] https://phabricator.wikimedia.org/tag/mw-1.45-release/\n\n**********************************************************************\nDownload:\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-1.45.0.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-1.45.0.zip\n\nDownload without bundled extensions:\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-core-1.45.0.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-core-1.45.0.zip\n\nPatch to previous version (1.45.0-rc.0):\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-1.45.0.patch.gz\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-1.45.0.patch.zip\n\nGPG signatures for the above:\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-core-1.45.0.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-core-1.45.0.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-1.45.0.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-1.45.0.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-1.45.0.patch.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-1.45.0.patch.zip.sig\n\nPublic keys:\nhttps://www.mediawiki.org/keys/keys.html",
"published_at": "Mon, 08 Dec 2025 17:01:47 +0000",
"updated_at": "Mon, 08 Dec 2025 17:01:47 +0000",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/TVI3VMUX3LEK554OKQSOZOET7HCVRZFZ/",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"xss-output-encoding",
"authz-server-side-recheck",
"file-upload-validation",
"token-cookie-storage",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"entity_refs": [
{
"entity_id": "mediawiki",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mediawiki",
"official": true
}
],
"affected_components": [
{
"name": "MediaWiki",
"entity_id": "mediawiki",
"scope": "core",
"package_name": null,
"official": true
}
],
"affected_version_ranges": [],
"fixed_version_ranges": [],
"introduced_version": null,
"patched_version": null,
"version_evidence_sources": [
"https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/TVI3VMUX3LEK554OKQSOZOET7HCVRZFZ/"
],
"advisory_scope": "core",
"version_confidence": "low",
"version_gap_reason": "official bulletin or aggregated source did not expose explicit affected/fixed versions",
"version_resolution_needed": true,
"workflow": {
"workflow_id": "mediawiki--e7b4a9ed1c--workflow",
"vuln_family": "xss",
"entry_surface": "web-ui-render-path",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: \u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `core`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "editor-or-admin",
"affected_version_assertion": [
"\u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d"
],
"trigger_vector": "\u5bf9 `xss` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/admin/editor",
"/preview",
"/rendered-content"
],
"input_shape": "\u53d7\u63a7 HTML/Markdown/\u5bcc\u6587\u672c\u8f93\u5165\uff0c\u89c2\u5bdf\u6e32\u67d3\u4e0a\u4e0b\u6587\u662f\u5426\u5931\u53bb\u7f16\u7801\u6216\u51c0\u5316\u3002",
"expected_unsafe_behavior": "\u8f93\u5165\u5728\u76ee\u6807\u4e0a\u4e0b\u6587\u6267\u884c\u6216\u88ab\u6d4f\u89c8\u5668\u89e3\u91ca\u4e3a\u4e3b\u52a8\u5185\u5bb9\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `\u53d7\u5f71\u54cd\u7248\u672c\u533a\u95f4` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `\u4fee\u590d\u7248\u672c`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `xss` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "needs-version-gap-review"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"MediaWiki Announce RSS"
],
"source_kinds": [
"rss-feed"
],
"candidate_count": 1,
"entity_ref_count": 1,
"advisory_scope": "core",
"version_confidence": "low",
"workflow_id": "mediawiki--e7b4a9ed1c--workflow"
}
}
在新工单中引用 查看 Git Blame 复制永久链接