MediaWiki multiple remote vulnerabilities
Description
MediaWiki versions 1.16 through 1.19.1 contain multiple critical security vulnerabilities that allow attackers to execute cross-site scripting (XSS) attacks, bypass CSRF protections, circumvent authentication controls, and access sensitive information. These vulnerabilities affect core MediaWiki functionality including file link handling, language parameter filtering, API token protection, account creation controls, authentication plugin integration, and block metadata visibility. The issues were discovered through both external security research and internal security reviews, and affect production MediaWiki installations including Wikipedia deployments.
Remediation
Immediately upgrade to MediaWiki version 1.19.2 or 1.18.5 to remediate all identified vulnerabilities. Follow these steps:
1. Backup Your Installation:
Create a complete backup of your MediaWiki database and files before upgrading.
2. Upgrade MediaWiki:
Download the appropriate patched version (1.19.2 for 1.19.x users, or 1.18.5 for 1.18.x users) from the official MediaWiki website and follow the standard upgrade procedure documented at mediawiki.org.
3. Clean Up Password Data Leakage:
If you use LDAP or other external authentication plugins, review and clean up leaked password data from your local database following the guidance at https://bugzilla.wikimedia.org/show_bug.cgi?id=39184.
4. Review Security Settings:
Verify that X-Frame-Options headers are properly configured after the upgrade to prevent iframe embedding attacks.
5. Audit User Accounts:
If using GlobalBlocking or similar extensions, review recently created accounts to identify any that may have been created by blocked users exploiting the authentication bypass vulnerability.
6. Monitor for Exploitation:
Review web server logs for suspicious activity related to the uselang parameter or unusual API token requests that may indicate prior exploitation attempts.