MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mediawiki | Mediawiki | * | 1.23.10 (including) |
| Mediawiki | Mediawiki | 1.24.0 (including) | 1.24.0 (including) |
| Mediawiki | Mediawiki | 1.24.1 (including) | 1.24.1 (including) |
| Mediawiki | Mediawiki | 1.24.2 (including) | 1.24.2 (including) |
| Mediawiki | Mediawiki | 1.24.3 (including) | 1.24.3 (including) |
| Mediawiki | Mediawiki | 1.25.0 (including) | 1.25.0 (including) |
| Mediawiki | Mediawiki | 1.25.1 (including) | 1.25.1 (including) |
| Mediawiki | Mediawiki | 1.25.2 (including) | 1.25.2 (including) |
| Mediawiki | Ubuntu | artful | * |
| Mediawiki | Ubuntu | precise | * |
| Mediawiki | Ubuntu | trusty | * |
| Mediawiki | Ubuntu | upstream | * |
| Mediawiki | Ubuntu | vivid | * |
| Mediawiki | Ubuntu | wily | * |
| Mediawiki | Ubuntu | yakkety | * |
| Mediawiki | Ubuntu | zesty | * |
References
- http://www.securitytracker.com/id/1034028
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html
- https://phabricator.wikimedia.org/T91850
- http://www.securitytracker.com/id/1034028
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html
- https://phabricator.wikimedia.org/T91850