CNNVD-202507-314 Information
CNNVD ID
CNNVD-202507-314
Related CVE
- CNNVD Published: 2025-07-03
Description (Chinese)
Wikimedia Mediawiki CentralAuth Extension是Wikimedia基金会的一个用于维基项目之间的整合和统一登录的扩展。 Wikimedia Mediawiki CentralAuth Extension 1.39.13之前版本、1.42.7之前版本和1.43.2之前版本存在安全漏洞,该漏洞源于认证不当,可能导致绕过认证。
Description (English)
Wikimedia Mediawiki CentralAuth Exchange is an extension of Wikimedia Foundation for integration and unified access between Wiki projects. Wikimedia Mediawiki CentralAuth Exchange 1.39.13, 1.42.7 and 1.4.3.2 have security loopholes that stem from inappropriate authentication and may lead to circumvention of certification.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
维基媒体
Published
2025-07-03
Last Modified
2026-02-24
References
https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117 https://phabricator.wikimedia.org/T389010 https://vigilance.fr/vulnerability/MediaWiki-multiple-vulnerabilities-dated-04-07-2025-47596
Patch
https://phabricator.wikimedia.org/T389010
Share on: