File
websafe-kb/08-threat-intel/registry/advisories/mediawiki--e900dc8656.json


{
"canonical_id": "mediawiki--e900dc8656",
"system_id": "mediawiki",
"display_name": "MediaWiki",
"category": "cms",
"advisory_mode": "core",
"title": "[MediaWiki-announce] Security and maintenance release: 1.39.14 / 1.43.4 / 1.44.1",
"summary": "I would like to announce the release of MediaWiki 1.39.14, 1.43.4 and\n1.44.1!\n\nThese releases serve as security and maintenance releases for these\nbranches.\n\nThe tarballs have already been uploaded as of this email, and the git tags\nwill be pushed shortly.\n\nA \"MediaWiki Extensions Security Release Supplement\" e-mail will follow\nthis one, covering security updates for non-bundled extensions.\n\nReports of bugs with PHP 8.0, 8.1, 8.2, 8.3 and 8.4 support are\nparticularly welcome, and fixes will be back-ported when possible.\n\nAs part of the Wikimedia migration to PHP 8.1 and moving towards PHP 8.3,\nbug fixes affecting PHP 8.0-8.3 may have been backported to applicable\nreleases. If you find issues that haven't been backported, please report\nthese too, referring to the relevant supported release.\n\nPlease see https://phabricator.wikimedia.org/tag/php_8.0_support/,\nhttps://phabricator.wikimedia.org/tag/php_8.1_support/,\nhttps://phabricator.wikimedia.org/tag/php_8.2_support/,\nhttps://phabricator.wikimedia.org/tag/php_8.3_support/ and\nhttps://phabricator.wikimedia.org/tag/php_8.4_support/ for the relevant\nwork boards.\n\nAs a reminder, MediaWiki 1.35 became end of life (EOL) in December 2023,\nMediaWiki 1.40 became EOL in June 2024, MediaWiki 1.41 became EOL in\nDecember 2024 and MediaWiki 1.42 became EOL at the end of June 2025.\n\nMediaWiki 1.39 (the old LTS before 1.43) becomes EOL in December 2025. It\nis strongly recommended to upgrade to 1.43 (the next LTS after 1.39), which\nwill be supported until December 2027.\n\n== Security fixes ==\n\n* (T387478, CVE-2025-61634) SECURITY: REST: Set cache-control value of\nmax-age=60 for redirects.\n* (T394396, CVE-2025-61636) SECURITY: Escape rawElement $content.\n* (T394856, CVE-2025-61637) SECURITY: Escape three system messages used by\nlive preview.\n* (T401099, CVE-2025-61638) SECURITY: Sanitize data- attributes.\n* (T280413, CVE-2025-61639) SECURITY: Use ManualLogEntry::getDeleted in\n::getRecentChange.\n* (T402075, CVE-2025-61640) SECURITY: Parse messages instead of inserting\nthem as HTML.\n* (T298690, CVE-2025-61641) SECURITY: api: Disable maxsize in QueryAllPages\nin miser mode.\n* (T402313, CVE-2025-61642) SECURITY: Escape submit button label for\nCodex-based HTMLForms.\n* (T403757, CVE-2025-61643) SECURITY: Don't send suppressed recent changes\nto RCFeeds.\n* (T403761, CVE-2025-61645) SECURITY: Fix i18n XSS in CodexTablePager.\n* (T398706, CVE-2025-61646) SECURITY: Prevent leaking hidden usernames in\nWatchlist/RecentChanges.\n\nCheckUser\n* (T403408, CVE-2025-61651) SECURITY: fix XSS in\ntempuser-expired-link-tooltip message.\n* (T404805, CVE-2025-61658) SECURITY: Add config variable to exclude from\nGlobalContributions.\n* (T402077, CVE-2025-61648) SECURITY: Escape system messages before\ninserting them as HTML.\n\nConfirmEdit\n* (T355073, CVE-2025-61635) SECURITY: ApiFancyCaptchaReload: Reuse\nbadcaptcha rate limit.\n\nDiscussionTools\n* (T397580, CVE-2025-61652) SECURITY: In API check user read permissions\nbefore showing PageInfo.\n* (T364910, T396248, CVE-2025-11175) SECURITY: DiscussionTools should use\nbetter regex.\n\nOATHAuth\n* (T401862, T402094, CVE-2025-11173) SECURITY: Reauth for enabling 2FA can\nbe bypassed by submitting a form.\n* (T396951) FreeOTP refuses to add MediaWiki's 2FA details, because \"token\nis unsafe\".\n\nTextExtracts\n* (T397577, CVE-2025-61653) SECURITY: Add authorizeRead check for extracts\nendpoint.\n\nThanks\n* (T397497, CVE-2025-61654) SECURITY: Exclude deleted entries when counting\nthanks.\n\nVisualEditor\n* (T395858, CVE-2025-61655) SECURITY: Properly escape and parse system\nmessages.\n* (T397232, CVE-2025-61656) SECURITY: Sanitize attributes unwrapped from\ndata-ve-attributes.\n\nVector\n* (T398636, CVE-2025-61657) SECURITY: Insert sticky header labels as text\ninstead of HTML.\n\nParsoid\n* (T401099, CVE-2025-61638) SECURITY: Sanitizer::validateAttributes\ndata-XSS.\n\n== Links to all mentioned tasks ==\n\n* https://phabricator.wikimedia.org/T280413\n* https://phabricator.wikimedia.org/T298690\n* https://phabricator.wikimedia.org/T355073\n* https://phabricator.wikimedia.org/T364910\n* https://phabricator.wikimedia.org/T387478\n* https://phabricator.wikimedia.org/T394396\n* https://phabricator.wikimedia.org/T394856\n* https://phabricator.wikimedia.org/T395858\n* https://phabricator.wikimedia.org/T396951\n* https://phabricator.wikimedia.org/T397232\n* https://phabricator.wikimedia.org/T397497\n* https://phabricator.wikimedia.org/T397577\n* https://phabricator.wikimedia.org/T397580\n* https://phabricator.wikimedia.org/T398636\n* https://phabricator.wikimedia.org/T398706\n* https://phabricator.wikimedia.org/T401099\n* https://phabricator.wikimedia.org/T401862\n* https://phabricator.wikimedia.org/T402075\n* https://phabricator.wikimedia.org/T402077\n* https://phabricator.wikimedia.org/T402313\n* https://phabricator.wikimedia.org/T403408\n* https://phabricator.wikimedia.org/T403757\n* https://phabricator.wikimedia.org/T403761\n* https://phabricator.wikimedia.org/T404805\n\n== Release notes ==\n\nFull release notes for 1.39.14:\nhttps://phabricator.wikimedia.org/diffusion/MW/browse/REL1_39/RELEASE-NOTES-1.39\nhttps://www.mediawiki.org/wiki/Release_notes/1.39\n\nFull release notes for 1.43.4:\nhttps://phabricator.wikimedia.org/diffusion/MW/browse/REL1_42/RELEASE-NOTES-1.43\nhttps://www.mediawiki.org/wiki/Release_notes/1.43\n\nFull release notes for 1.44.1:\nhttps://phabricator.wikimedia.org/diffusion/MW/browse/REL1_43/RELEASE-NOTES-1.44\nhttps://www.mediawiki.org/wiki/Release_notes/1.44\n\nFor information about how to upgrade, see\n<https://www.mediawiki.org/wiki/Manual:Upgrading>\n\n**********************************************************************\nDownload:\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.14.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.14.zip\n\nDownload without bundled extensions:\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.14.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.14.zip\n\nPatch to previous version (1.39.13):\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.14.patch.gz\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.14.patch.zip\n\nGPG signatures:\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.14.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.14.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.14.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.14.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.14.patch.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.14.patch.zip.sig\n\nPublic keys:\nhttps://www.mediawiki.org/keys/keys.html\n\n**********************************************************************\nDownload:\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.4.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.4.zip\n\nDownload without bundled extensions:\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-core-1.43.4.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-core-1.43.4.zip\n\nPatch to previous version (1.43.3):\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.4.patch.gz\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.4.patch.zip\n\nGPG signatures:\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-core-1.43.4.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-core-1.43.4.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.4.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.4.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.4.patch.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.4.patch.zip.sig\n\nPublic keys:\nhttps://www.mediawiki.org/keys/keys.html\n\n**********************************************************************\nDownload:\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.1.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.1.zip\n\nDownload without bundled extensions:\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-core-1.44.1.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-core-1.44.1.zip\n\nPatch to previous version (1.44.0):\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.1.patch.gz\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.1.patch.zip\n\nGPG signatures:\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-core-1.44.1.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-core-1.44.1.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.1.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.1.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.1.patch.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.1.patch.zip.sig\n\nPublic keys:\nhttps://www.mediawiki.org/keys/keys.html",
"published_at": "Thu, 02 Oct 2025 17:37:08 +0000",
"updated_at": "Thu, 02 Oct 2025 17:37:08 +0000",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/6I6GV6OP27OB7CZS2JUQ5IC6XFXRHLNQ/",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"xss-output-encoding",
"authz-server-side-recheck",
"file-upload-validation",
"token-cookie-storage",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"entity_refs": [
{
"entity_id": "mediawiki",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mediawiki",
"official": true
}
],
"affected_components": [
{
"name": "MediaWiki",
"entity_id": "mediawiki",
"scope": "core",
"package_name": null,
"official": true
}
],
"affected_version_ranges": [],
"fixed_version_ranges": [],
"introduced_version": null,
"patched_version": null,
"version_evidence_sources": [
"https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/6I6GV6OP27OB7CZS2JUQ5IC6XFXRHLNQ/"
],
"advisory_scope": "core",
"version_confidence": "low",
"version_gap_reason": "official bulletin or aggregated source did not expose explicit affected/fixed versions",
"version_resolution_needed": true,
"workflow": {
"workflow_id": "mediawiki--e900dc8656--workflow",
"vuln_family": "xss",
"entry_surface": "web-ui-render-path",
"preconditions": [
"Execute only against lab-local, lab-public or explicitly authorized targets.",
"Confirm the target matches the version assertion: the version match must be confirmed manually from the advisory, lock file, version page or about page",
"If the object belongs to `core`, first confirm the extension/repository/package is enabled and at an affected version."
],
"required_role": "editor-or-admin",
"affected_version_assertion": [
"The version match must be confirmed manually from the advisory, lock file, version page or about page"
],
"trigger_vector": "Deliver minimal, auditable, reversible controlled input to the `xss` family entry point and compare behaviour before and after the fix.",
"request_or_ui_path": [
"/admin/editor",
"/preview",
"/rendered-content"
],
"input_shape": "Controlled HTML/Markdown/rich-text input; observe whether the rendering context loses encoding or sanitization.",
"expected_unsafe_behavior": "The input executes in the target context or is interpreted by the browser as active content.",
"server_evidence_points": [
"Matched paths, authorization decisions and exception stacks in the application log",
"Request headers, source IP and routing decisions in reverse-proxy or edge-layer logs"
],
"browser_evidence_points": [
"DOM/visual differences between the baseline screenshot and the post-attack screenshot",
"Anomalous signals in console, network and response metadata"
],
"db_or_fs_evidence_points": [
"Test data newly added to, or read without authorization from, the database",
"Newly uploaded samples, cache entries or traces of unauthorized reads in the filesystem"
],
"detection_signals": [
"WAF / reverse proxy anomaly logs, access logs and alerts",
"Permission errors, redirect anomalies, template rendering or upload-to-disk events in the application audit log"
],
"mitigation_summary": "Upgrade to the fixed version first, and at the same time tighten input validation, server-side authorization, proxy trust boundaries, extension installation trust and audit logging.",
"patch_validation_steps": [
"Confirm the target version has been upgraded or backported from the `affected version range` to the `fixed version`.",
"Keep the same set of controlled inputs, run them before and after the fix, and compare responses, logs and browser evidence.",
"Confirm that after the fix only the expected business behaviour remains and no unauthorized access, reflection, abnormal rendering or erroneous requests are triggered.",
"Add automated regression tests for the `xss` family so that similar paths do not regress in plugins, themes or the proxy chain."
],
"lab_safety_notes": [
"Use only loopback addresses, sentinel targets, harmless samples or reversible test data.",
"Do not cause persistent damage, download real data without authorization, or create irreversible side effects.",
"If browser evidence is needed, keep both baseline and proof snapshots as well as console / network records."
],
"review_state": "needs-version-gap-review"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"MediaWiki Announce RSS"
],
"source_kinds": [
"rss-feed"
],
"candidate_count": 1,
"entity_ref_count": 1,
"advisory_scope": "core",
"version_confidence": "low",
"workflow_id": "mediawiki--e900dc8656--workflow"
}
}