Nixpkgs security tracker

Untriaged

Permalink CVE-2013-6455

created 2 months ago Activity log

Created suggestion 2 months ago

The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, …

The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.

References

http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html x_transferredx_refsource_MISC

Affected products

MediaWiki

==1.2x before 1.21.4
==before 1.19.10
==1.22.x before 1.22.1

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

nixos-unstable 1.45.1
- nixpkgs-unstable 1.45.1
- nixos-unstable-small 1.45.1
nixos-25.11 1.44.3
- nixos-25.11-small 1.44.3
- nixpkgs-25.11-darwin 1.44.3

Package maintainers

@astro Astro <astro@spaceboyz.net>
@gshipunov Grigory Shipunov <blame@oxapentane.com>
@tanneberger Tassilo Tanneberger <revol-xut@protonmail.com>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.mediawiki

Package maintainers