MediaWiki < 1.19.8 / 1.20.7 / 1.21.2 Multiple Vulnerabilities

high Nessus Plugin ID 70293

Synopsis

The remote web server contains an application that is affected by multiple vulnerabilities.

Description

According to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities :

- The full installation path is disclosed in an error message when an invalid language is specified in the ResourceLoader. (CVE-2013-4301)

- Multiple cross-site request forgery vulnerabilities exist in the API modules accessed through JSONP.
(CVE-2013-4302)

- A cross-site scripting vulnerability exists because input submitted to the property name is not properly sanitized. (CVE-2013-4303)

Additionally, the following extensions contain vulnerabilities but are not enabled or installed by default (unless otherwise noted) :

- Authentication can be bypassed in the CentralAuth extension by manipulating the 'centralauth_User' cookie.
(CVE-2013-4304)

- The SyntaxHighlight GeSHi extension is affected by a cross-site scripting vulnerability because user input is not properly sanitized when submitted to the 'example.php' script. This extension is installed but not enabled by default on MediaWiki 1.21.x.
(CVE-2013-4305)

- The CheckUser extension is affected by a cross-site request forgery vulnerability because it does not properly validate HTTP requests. (CVE-2013-4306)

- The Wikibase extension is affected by a cross-site scripting vulnerability because it does not properly escape the labels in the 'In other languages' section of entity view. (CVE-2013-4307)

- The LiquidThreads extensions is affected by a cross-site scripting vulnerability because it does not properly sanitize user input submitted to the LQT thread subject.
(CVE-2013-4308)

Note that Nessus has not tested for these issues but has instead relied on the application's self-reported version number.

Solution

Upgrade to MediaWiki version 1.19.8 / 1.20.7 / 1.21.2 or later.

See Also

http://www.nessus.org/u?4da081be

https://www.mediawiki.org/wiki/Release_notes/1.19#MediaWiki_1.19.8

https://www.mediawiki.org/wiki/Release_notes/1.20#MediaWiki_1.20.7

https://www.mediawiki.org/wiki/Release_notes/1.21#MediaWiki_1.21.2

Plugin Details

Severity: High

ID: 70293

File Name: mediawiki_1_19_8.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 10/3/2013

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:mediawiki:mediawiki

Required KB Items: www/PHP, Settings/ParanoidReport, installed_sw/MediaWiki

Exploit Ease: No known exploits are available

Patch Publication Date: 9/3/2013

Vulnerability Publication Date: 3/19/2013

Reference Information

CVE: CVE-2013-4301, CVE-2013-4302, CVE-2013-4303, CVE-2013-4304, CVE-2013-4305, CVE-2013-4306, CVE-2013-4307, CVE-2013-4308

BID: 62194, 62201, 62202, 62203, 62210, 62215, 62218, 62434

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990