Vulnerabilites related to The Wikimedia Foundation - Mediawiki - CSS Extension
cve-2024-47841
Vulnerability from cvelistv5
Published
2024-10-05 01:02
Modified
2024-10-07 17:10
Severity ?
EPSS score ?
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Wikimedia Foundation | Mediawiki - CSS Extension |
Version: 1.42.x ≤ Version: 1.41.x ≤ Version: 1.39.x ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:wikimedia:mediawiki-extensions-css:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "mediawiki-extensions-css", vendor: "wikimedia", versions: [ { lessThan: "1.42.2", status: "affected", version: "1.42.0", versionType: "semver", }, { lessThan: "1.41.3", status: "affected", version: "1.41.0", versionType: "semver", }, { lessThan: "1.39.9", status: "affected", version: "1.39.0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-47841", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-07T17:06:16.157977Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-07T17:10:52.526Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Mediawiki - CSS Extension", vendor: "The Wikimedia Foundation", versions: [ { lessThan: "1.42.2", status: "affected", version: "1.42.x", versionType: "semver", }, { lessThan: "1.41.3", status: "affected", version: "1.41.x", versionType: "semver", }, { lessThan: "1.39.9", status: "affected", version: "1.39.x", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "RhinosF1", }, { lang: "en", type: "finder", value: "BlankEclair", }, ], datePublic: "2024-10-04T00:55:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.<p>This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9.</p>", }, ], value: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9.", }, ], impacts: [ { capecId: "CAPEC-126", descriptions: [ { lang: "en", value: "CAPEC-126 Path Traversal", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 6.9, baseSeverity: "MEDIUM", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-05T01:02:31.642Z", orgId: "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", shortName: "wikimedia-foundation", }, references: [ { url: "https://phabricator.wikimedia.org/T368628", }, { url: "https://phabricator.wikimedia.org/T369486", }, { url: "https://gerrit.wikimedia.org/r/q/I46613d8d50fc978bdac58e2b312ee03324c1edc8", }, ], source: { discovery: "UNKNOWN", }, title: "Path traversal when loading stylesheets", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", assignerShortName: "wikimedia-foundation", cveId: "CVE-2024-47841", datePublished: "2024-10-05T01:02:31.642Z", dateReserved: "2024-10-03T23:44:16.834Z", dateUpdated: "2024-10-07T17:10:52.526Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-47845
Vulnerability from cvelistv5
Published
2024-10-05 00:09
Modified
2024-10-07 17:39
Severity ?
EPSS score ?
Summary
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection.This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Wikimedia Foundation | Mediawiki - CSS Extension |
Version: 1.39.x ≤ Version: 1.41.x ≤ Version: 1.42.x ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:wikimedia:mediawiki-extensions-css:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "mediawiki-extensions-css", vendor: "wikimedia", versions: [ { lessThan: "1.39.9", status: "affected", version: "1.39.0", versionType: "semver", }, { lessThan: "1.41.3", status: "affected", version: "1.41.0", versionType: "semver", }, { lessThan: "1.42.2", status: "affected", version: "1.42.0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-47845", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-07T17:38:06.697274Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-07T17:39:08.435Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Mediawiki - CSS Extension", vendor: "The Wikimedia Foundation", versions: [ { lessThan: "1.39.9", status: "affected", version: "1.39.x", versionType: "semver", }, { lessThan: "1.41.3", status: "affected", version: "1.41.x", versionType: "semver", }, { lessThan: "1.42.2", status: "affected", version: "1.42.x", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "BlankEclair", }, { lang: "en", type: "finder", value: "Bawolff", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection.<p>This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.</p>", }, ], value: "Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection.This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.", }, ], impacts: [ { capecId: "CAPEC-242", descriptions: [ { lang: "en", value: "CAPEC-242 Code Injection", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 6.9, baseSeverity: "MEDIUM", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "LOW", subIntegrityImpact: "LOW", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-116", description: "CWE-116 Improper Encoding or Escaping of Output", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-05T00:09:09.355Z", orgId: "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", shortName: "wikimedia-foundation", }, references: [ { url: "https://phabricator.wikimedia.org/T368628", }, { url: "https://phabricator.wikimedia.org/T368594", }, { url: "https://gerrit.wikimedia.org/r/q/I6f38f4a8fc1dcd690ab27b8f18ce6ca903bacc53", }, ], source: { discovery: "UNKNOWN", }, title: "CSS sanitizer used incorrectly, and is easily bypassed", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", assignerShortName: "wikimedia-foundation", cveId: "CVE-2024-47845", datePublished: "2024-10-05T00:09:09.355Z", dateReserved: "2024-10-03T23:44:16.835Z", dateUpdated: "2024-10-07T17:39:08.435Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }