MediaWiki 1.39.0 Release Candidate 1
cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc1:*:*:*:*:*:*
part: a version: 1.39.0 update: rc1
| Vendor | Mediawiki (cdb1ca1d-4622-5407-a7d8-3e891579b8c5) |
|---|---|
| Product | Mediawiki (ab97168e-95e7-5d6e-a2ac-f8d27117dc4d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/wikimedia/mediawiki | purl2cpe | 2026-06-01 10:10:57.667019 |
| pkg:wikimedia/mediawiki | purl2cpe | 2026-06-01 10:10:57.667021 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2023-22912 | vulnerable | 2026-06-03 14:49:20.478962 | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt. Published: 2023-01-20T00:00:00.000Z; Updated: 2025-04-03T15:13:11.169Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-22911 | vulnerable | 2026-06-03 14:49:20.478536 | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context. Published: 2023-01-10T00:00:00.000Z; Updated: 2025-04-07T18:36:08.229Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-22910 | vulnerable | 2026-06-03 14:49:20.478076 | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs capability. Published: 2023-01-20T00:00:00.000Z; Updated: 2025-04-03T15:15:05.898Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-22909 | vulnerable | 2026-06-03 14:49:20.477522 | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow. Published: 2023-01-10T00:00:00.000Z; Updated: 2025-04-07T18:36:40.333Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-47927 | vulnerable | 2026-06-03 14:48:27.886982 | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data. Published: 2023-01-12T00:00:00.000Z; Updated: 2025-04-08T15:40:49.975Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-39193 | vulnerable | 2026-06-03 14:47:51.217364 | An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights. Published: 2023-01-20T00:00:00.000Z; Updated: 2025-04-03T16:11:19.802Z | Imported from gcve-enriched-dumps CVE data |