This allows the blacklist to be bypassed and the blocked title to be edited via Special:ChangeContentModel. It is therefore recommended to upgrade to the latest version of MediaWiki as soon as possible.

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. When setting the value of the $wgAbuseFilterSource preference to Special pages, Special pages can be edited via Special:ChangeContentModel due to the mishandling of the Special pages' EditFilterMergedContent hook return value.

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. When setting the value of the $wgAllowSpecialTitles preference to false, Special pages can be edited via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value.

CVE patches were applied to all supported versions. As with all security issues, users are encouraged to keep the security update information circulating as widely as possible.
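To check an inventory of wikis against the version ranges stated above, the following added example (not MediaWiki code) classifies a version string as affected or fixed. It assumes the input is either a bare version or a generator-style string such as "MediaWiki 1.36.2"; the function names are hypothetical.

```python
import re

# Fixed releases per branch, taken from the advisory text above:
# 1.35.5, 1.36.3 and 1.37.1.
FIXED = {(1, 35): 5, (1, 36): 3, (1, 37): 1}
OLDEST_BRANCH = min(FIXED)
NEWEST_BRANCH = max(FIXED)

# major.minor[.patch][pre-release suffix such as -rc.1, rc1, alpha]
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?((?:-|alpha|beta|rc)\S*)?")


def parse_version(text):
    """Return (major, minor, patch, is_prerelease), or None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    patch = int(m.group(3)) if m.group(3) is not None else 0
    return int(m.group(1)), int(m.group(2)), patch, bool(m.group(4))


def is_affected(text):
    """True if the version falls inside the affected ranges stated in the advisory."""
    parsed = parse_version(text)
    if parsed is None:
        raise ValueError(f"no MediaWiki version found in {text!r}")
    major, minor, patch, prerelease = parsed
    branch = (major, minor)
    if branch < OLDEST_BRANCH:
        return True   # "before 1.35.5" also covers every older branch
    if branch > NEWEST_BRANCH:
        return False  # later branches are outside the stated ranges
    fixed_patch = FIXED[branch]
    if patch < fixed_patch:
        return True
    # A pre-release of the fixed version (e.g. 1.37.1-rc.1) sorts before it.
    return patch == fixed_patch and prerelease


def needs_upgrade(inventory):
    """Given {host: version string}, return the sorted hosts that are affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    # Constructed sample inventory; hostnames are placeholders.
    sample = {"wiki-a.example": "MediaWiki 1.35.4", "wiki-b.example": "MediaWiki 1.36.3"}
    print(needs_upgrade(sample))
```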

Timeline

Published on: 12/26/2022 06:15:00 UTC
Last modified on: 01/05/2023 04:50:00 UTC

References