Mediawiki: >> Mediawiki >> 1.38.5 Security Vulnerabilities
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-03-31
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-01-11
Page 7