Rapid7 Vulnerability & Exploit Database

FreeBSD: mediawiki -- multiple vulnerabilities

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 05/20/2016
Created: 07/25/2018
Added: 05/24/2016
Modified: 05/24/2016

Description

Mediawiki reports:

Security fixes:

  • T122056: Old tokens are remaining valid within a new session
  • T127114: Login throttle can be tricked using non-canonicalized usernames
  • T123653: Cross-domain policy regexp is too narrow
  • T123071: Incorrectly identifying http link in a's href attributes, due to m modifier in regex
  • T129506: MediaWiki:Gadget-popups.js isn't renderable
  • T125283: Users occasionally logged in as different users after SessionManager deployment
  • T103239: Patrol allows click catching and patrolling of any page
  • T122807: [tracking] Check php crypto primitives
  • T98313: Graphs can leak tokens, leading to CSRF
  • T130947: Diff generation should use PoolCounter
  • T133507: Careless use of $wgExternalLinkTarget is insecure
  • T132874: API action=move is not rate limited

Solution(s)

  • freebsd-upgrade-package-mediawiki123
  • freebsd-upgrade-package-mediawiki124
  • freebsd-upgrade-package-mediawiki125
  • freebsd-upgrade-package-mediawiki126
