Nixpkgs security tracker

Untriaged

Permalink CVE-2013-4572

created 2 months ago Activity log

Created suggestion 2 months ago

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, …

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.

References

https://bugzilla.wikimedia.org/show_bug.cgi?id=53032 x_transferredx_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.… x_transferredx_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.… x_transferredx_refsource_MISC
http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.ht… x_transferredx_refsource_CONFIRM

Affected products

MediaWiki

==1.20.x before 1.20.8
==1.21.x before 1.21.3
==before 1.19.9

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

nixos-unstable 1.45.1
- nixpkgs-unstable 1.45.1
- nixos-unstable-small 1.45.1
nixos-25.11 1.44.3
- nixos-25.11-small 1.44.3
- nixpkgs-25.11-darwin 1.44.3

Package maintainers

@astro Astro <astro@spaceboyz.net>
@gshipunov Grigory Shipunov <blame@oxapentane.com>
@tanneberger Tassilo Tanneberger <revol-xut@protonmail.com>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.mediawiki

Package maintainers