Nixpkgs Security Tracker

Untriaged

Permalink CVE-2013-4572

created 2 days, 21 hours ago

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, …

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.

Affected products

MediaWiki

==1.20.x before 1.20.8
==1.21.x before 1.21.3
==before 1.19.9

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

nixos-unstable 1.45.1
- nixpkgs-unstable 1.45.1
- nixos-unstable-small 1.45.1
nixos-25.11 1.44.3
- nixos-25.11-small 1.44.3
- nixpkgs-25.11-darwin 1.44.3

Package maintainers

@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@gshipunov Grigory Shipunov <blame@oxapentane.com>
@tanneberger Tassilo Tanneberger <revol-xut@protonmail.com>
@astro Astro <astro@spaceboyz.net>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.mediawiki

Package maintainers