Vulnerability found in CheckUser
-
- Sucker
- Posts: 1402
- Joined: Fri Jan 06, 2023 9:08 am
- Location: The Astral Plane
- Has thanked: 1467 times
- Been thanked: 294 times
Vulnerability found in CheckUser
https://nvd.nist.gov/vuln/detail/CVE-2023-29139
Unfortunately, this only appears to work IF you have CheckUser access.
Unfortunately, this only appears to work IF you have CheckUser access.
"Globally banned" since September 5, 2023 for exposing harassment.
-
- Sucks Mod
- Posts: 607
- Joined: Wed Jul 26, 2017 3:24 am
- Has thanked: 759 times
- Been thanked: 359 times
Re: Vulnerability found in CheckUser
I noticed this myself while checkusering a bunch of people with my Wikipedia account.Bbb23sucks wrote: ↑Sat Apr 22, 2023 8:42 pmhttps://nvd.nist.gov/vuln/detail/CVE-2023-29139
Unfortunately, this only appears to work IF you have CheckUser access.
-
- Sucker
- Posts: 1402
- Joined: Fri Jan 06, 2023 9:08 am
- Location: The Astral Plane
- Has thanked: 1467 times
- Been thanked: 294 times
Re: Vulnerability found in CheckUser
Me too, though it was on my WMF account.boredbird wrote: ↑Sat Apr 22, 2023 10:13 pmI noticed this myself while checkusering a bunch of people with my Wikipedia account.Bbb23sucks wrote: ↑Sat Apr 22, 2023 8:42 pmhttps://nvd.nist.gov/vuln/detail/CVE-2023-29139
Unfortunately, this only appears to work IF you have CheckUser access.
"Globally banned" since September 5, 2023 for exposing harassment.
-
- Sucks Admin
- Posts: 4932
- Joined: Sat Feb 25, 2017 1:56 am
- Location: The ass-tral plane
- Has thanked: 1283 times
- Been thanked: 2025 times
Re: Vulnerability found in CheckUser
It's "nice" to know that MediaWiki is still riddled with bugs that go back 15-20 years. We need these occasional reminders of how screwed-up their Magical Software is. And remains, despite about 18 years of employing coders on actual salaries to "fix" things.
-
- Sucker
- Posts: 1402
- Joined: Fri Jan 06, 2023 9:08 am
- Location: The Astral Plane
- Has thanked: 1467 times
- Been thanked: 294 times
Re: Vulnerability found in CheckUser
This one was actually fixed rather quickly, though it only appears to apply to the latest alpha of MediaWiki. But anything that isn't big enough to immediately crash their site will likely remain unfixed for 15+ years. Even if it is fixed, it will probably be fixed by an unpaid volunteer. What are they even paying their devs for?ericbarbour wrote: ↑Sat Apr 22, 2023 11:39 pmIt's "nice" to know that MediaWiki is still riddled with bugs that go back 15-20 years. We need these occasional reminders of how screwed-up their Magical Software is. And remains, despite about 18 years of employing coders on actual salaries to "fix" things.
"Globally banned" since September 5, 2023 for exposing harassment.
-
- Sucks Admin
- Posts: 4932
- Joined: Sat Feb 25, 2017 1:56 am
- Location: The ass-tral plane
- Has thanked: 1283 times
- Been thanked: 2025 times
Re: Vulnerability found in CheckUser
You can ask them, but you will NEVER get a straight answer. And unless you're a prominent jornalist or writer, they would probably ignore your question completely. Great at stonewalling people--not so good at code development.
-
- Sucker
- Posts: 1402
- Joined: Fri Jan 06, 2023 9:08 am
- Location: The Astral Plane
- Has thanked: 1467 times
- Been thanked: 294 times
Re: Vulnerability found in CheckUser
Oh look, they are *FINALLY* addressing it: https://gerrit.wikimedia.org/r/c/mediaw ... r/+/989527
Edit: Nevermind, that's a separate, new vulnerability.
Edit: Nevermind, that's a separate, new vulnerability.
"Globally banned" since September 5, 2023 for exposing harassment.