Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-39934 (GCVE-0-2026-39934)
Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-04-08 22:04
VLAI
EPSS
Title
Growth Experiments ReassignMenteesJob runs as an infinite loop
Summary
Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue was remediated only on the `master` branch.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with unreachable exit condition ('infinite loop')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Wikimedia Foundation | Mediawiki - GrowthExperiments Extension |
Affected:
1.45
Affected: 1.44 Affected: 1.43 Affected: 0 , < 1.43 (custom) |
Credits
Urbanecm_WMF
Michael
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T15:20:23.112186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T15:20:39.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Mediawiki - GrowthExperiments Extension",
"vendor": "The Wikimedia Foundation",
"versions": [
{
"status": "affected",
"version": "1.45"
},
{
"status": "affected",
"version": "1.44"
},
{
"status": "affected",
"version": "1.43"
},
{
"lessThan": "1.43",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Urbanecm_WMF"
},
{
"lang": "en",
"type": "finder",
"value": "Michael"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Loop with unreachable exit condition (\u0027infinite loop\u0027) vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue was remediated only on the `master` branch."
}
],
"value": "Loop with unreachable exit condition (\u0027infinite loop\u0027) vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue was remediated only on the `master` branch."
}
],
"impacts": [
{
"capecId": "CAPEC-29",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with unreachable exit condition (\u0027infinite loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T22:04:41.006Z",
"orgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"shortName": "wikimedia-foundation"
},
"references": [
{
"url": "https://phabricator.wikimedia.org/T418222"
},
{
"url": "https://gerrit.wikimedia.org/r/c/1243874"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Growth Experiments ReassignMenteesJob runs as an infinite loop",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"assignerShortName": "wikimedia-foundation",
"cveId": "CVE-2026-39934",
"datePublished": "2026-04-07T22:00:46.100Z",
"dateReserved": "2026-04-07T21:25:36.589Z",
"dateUpdated": "2026-04-08T22:04:41.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-39934",
"date": "2026-06-18",
"epss": "0.00349",
"percentile": "0.26598"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-39934\",\"sourceIdentifier\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\",\"published\":\"2026-04-07T22:16:24.137\",\"lastModified\":\"2026-04-08T23:16:58.717\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Loop with unreachable exit condition (\u0027infinite loop\u0027) vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue was remediated only on the `master` branch.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"references\":[{\"url\":\"https://gerrit.wikimedia.org/r/c/1243874\",\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\"},{\"url\":\"https://phabricator.wikimedia.org/T418222\",\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-39934\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-08T15:20:23.112186Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-08T15:20:35.727Z\"}}], \"cna\": {\"title\": \"Growth Experiments ReassignMenteesJob runs as an infinite loop\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Urbanecm_WMF\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Michael\"}], \"impacts\": [{\"capecId\": \"CAPEC-29\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"The Wikimedia Foundation\", \"product\": \"Mediawiki - GrowthExperiments Extension\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.45\"}, {\"status\": \"affected\", \"version\": \"1.44\"}, {\"status\": \"affected\", \"version\": \"1.43\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.43\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://phabricator.wikimedia.org/T418222\"}, {\"url\": \"https://gerrit.wikimedia.org/r/c/1243874\"}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Loop with unreachable exit condition (\u0027infinite loop\u0027) vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue was remediated only on the `master` branch.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Loop with unreachable exit condition (\u0027infinite loop\u0027) vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue was remediated only on the `master` branch.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-835\", \"description\": \"CWE-835 Loop with unreachable exit condition (\u0027infinite loop\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\", \"shortName\": \"wikimedia-foundation\", \"dateUpdated\": \"2026-04-08T22:04:41.006Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-39934\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-08T22:04:41.006Z\", \"dateReserved\": \"2026-04-07T21:25:36.589Z\", \"assignerOrgId\": \"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\", \"datePublished\": \"2026-04-07T22:00:46.100Z\", \"assignerShortName\": \"wikimedia-foundation\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-39934
Vulnerability from fkie_nvd - Published: 2026-04-07 22:16 - Updated: 2026-06-17 10:42
Severity
Summary
Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue was remediated only on the `master` branch.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "affected",
"product": "Mediawiki - GrowthExperiments Extension",
"vendor": "The Wikimedia Foundation",
"versions": [
{
"status": "affected",
"version": "1.45"
},
{
"status": "affected",
"version": "1.44"
},
{
"status": "affected",
"version": "1.43"
},
{
"lessThan": "1.43",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Loop with unreachable exit condition (\u0027infinite loop\u0027) vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue was remediated only on the `master` branch."
}
],
"id": "CVE-2026-39934",
"lastModified": "2026-06-17T10:42:47.567",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-39934",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T15:20:23.112186Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-04-07T22:16:24.137",
"references": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"url": "https://gerrit.wikimedia.org/r/c/1243874"
},
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"url": "https://phabricator.wikimedia.org/T418222"
}
],
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary"
}
]
}
GHSA-CGH3-RGF8-476J
Vulnerability from github – Published: 2026-04-08 00:30 – Updated: 2026-04-08 00:30
VLAI
Details
Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions.This issue affects Mediawiki - GrowthExperiments Extension: 1.45.2, 1.44.4, 1.43.7.
Severity
{
"affected": [],
"aliases": [
"CVE-2026-39934"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-07T22:16:24Z",
"severity": "MODERATE"
},
"details": "Loop with unreachable exit condition (\u0027infinite loop\u0027) vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions.This issue affects Mediawiki - GrowthExperiments Extension: 1.45.2, 1.44.4, 1.43.7.",
"id": "GHSA-cgh3-rgf8-476j",
"modified": "2026-04-08T00:30:26Z",
"published": "2026-04-08T00:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39934"
},
{
"type": "WEB",
"url": "https://gerrit.wikimedia.org/r/c/1243874"
},
{
"type": "WEB",
"url": "https://phabricator.wikimedia.org/T418222"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
WID-SEC-W-2026-1043
Vulnerability from csaf_certbund - Published: 2026-04-09 22:00 - Updated: 2026-04-09 22:00Summary
MediaWiki Erweiterungen: Mehrere Schwachstellen ermöglichen Cross-Site Scripting
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: MediaWiki ist ein freies Wiki, das ursprünglich für den Einsatz auf Wikipedia entwickelt wurde.
Angriff: Ein Angreifer kann mehrere Schwachstellen in MediaWiki Extensions ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
References
16 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "MediaWiki ist ein freies Wiki, das urspr\u00fcnglich f\u00fcr den Einsatz auf Wikipedia entwickelt wurde.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in MediaWiki Extensions ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1043 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1043.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1043 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1043"
},
{
"category": "external",
"summary": "MediaWiki Extensions and Skins Security Release Supplement (1.43.7/1.44.4/1.45.2) vom 2026-04-09",
"url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/VXEYKT6FNA5NYFPAYU67SNTNBXLTQ4FN/"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19851 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19851"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19889 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19889"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19891 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19891"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19897 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19897"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19927 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19927"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19929 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19929"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-8m8x-w498-p4wx vom 2026-04-09",
"url": "https://github.com/advisories/GHSA-8m8x-w498-p4wx"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19931 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19931"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19976 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19976"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19978 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19978"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19980 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19980"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19982 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19982"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19984 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19984"
}
],
"source_lang": "en-US",
"title": "MediaWiki Erweiterungen: Mehrere Schwachstellen erm\u00f6glichen Cross-Site Scripting",
"tracking": {
"current_release_date": "2026-04-09T22:00:00.000+00:00",
"generator": {
"date": "2026-04-10T09:09:08.024+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-1043",
"initial_release_date": "2026-04-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.43.7",
"product": {
"name": "Open Source MediaWiki \u003c1.43.7",
"product_id": "T052630"
}
},
{
"category": "product_version",
"name": "1.43.7",
"product": {
"name": "Open Source MediaWiki 1.43.7",
"product_id": "T052630-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.43.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.44.4",
"product": {
"name": "Open Source MediaWiki \u003c1.44.4",
"product_id": "T052631"
}
},
{
"category": "product_version",
"name": "1.44.4",
"product": {
"name": "Open Source MediaWiki 1.44.4",
"product_id": "T052631-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.44.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.45.2",
"product": {
"name": "Open Source MediaWiki \u003c1.45.2",
"product_id": "T052632"
}
},
{
"category": "product_version",
"name": "1.45.2",
"product": {
"name": "Open Source MediaWiki 1.45.2",
"product_id": "T052632-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.45.2"
}
}
},
{
"category": "product_version",
"name": "Wikilove Extension",
"product": {
"name": "Open Source MediaWiki Wikilove Extension",
"product_id": "T052633",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:wikilove_extension"
}
}
},
{
"category": "product_version",
"name": "ProofreadPage Extension",
"product": {
"name": "Open Source MediaWiki ProofreadPage Extension",
"product_id": "T052634",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:proofreadpage_extension"
}
}
},
{
"category": "product_version",
"name": "Cargo Extension",
"product": {
"name": "Open Source MediaWiki Cargo Extension",
"product_id": "T052635",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:cargo_extension"
}
}
},
{
"category": "product_version",
"name": "ReportIncident Extension",
"product": {
"name": "Open Source MediaWiki ReportIncident Extension",
"product_id": "T052636",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:reportincident__extension"
}
}
},
{
"category": "product_version",
"name": "GrowthExperiments Extension",
"product": {
"name": "Open Source MediaWiki GrowthExperiments Extension",
"product_id": "T052638",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:growthexperiments_extension"
}
}
},
{
"category": "product_version",
"name": "CampaignEvents Extension",
"product": {
"name": "Open Source MediaWiki CampaignEvents Extension",
"product_id": "T052639",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:campaignevents_extension"
}
}
},
{
"category": "product_version",
"name": "Score Extension",
"product": {
"name": "Open Source MediaWiki Score Extension",
"product_id": "T052641",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:score_extension"
}
}
},
{
"category": "product_version",
"name": "CentralAuth Extension",
"product": {
"name": "Open Source MediaWiki CentralAuth Extension",
"product_id": "T052642",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:centralauth__extension"
}
}
}
],
"category": "product_name",
"name": "MediaWiki"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-22711",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-22711"
},
{
"cve": "CVE-2026-30977",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-30977"
},
{
"cve": "CVE-2026-39837",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39837"
},
{
"cve": "CVE-2026-39838",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39838"
},
{
"cve": "CVE-2026-39839",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39839"
},
{
"cve": "CVE-2026-39840",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39840"
},
{
"cve": "CVE-2026-39841",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39841"
},
{
"cve": "CVE-2026-39933",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39933"
},
{
"cve": "CVE-2026-39934",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39934"
},
{
"cve": "CVE-2026-39935",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39935"
},
{
"cve": "CVE-2026-39936",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39936"
},
{
"cve": "CVE-2026-39937",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39937"
},
{
"cve": "CVE-2026-5762",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-5762"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…