Bug 1826079 (CVE-2020-10959)

Summary: CVE-2020-10959 mediawiki: user content can redirect the logout button to a different URL
Product: [Other] Security Response
Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: axel.thimm, bmontgom, eparis, jburrell, mike, nstielau, shurley, sponnaga
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: mediawiki-1.34.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in MediaWiki, where an attacker can control the MediaWiki logout redirect URL. This flaw allows an attacker with the ability to create wiki pages to change the URL a user is redirected to when logging out.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1826080, 1827452, 1827453
Bug Blocks: 1826082

Description Guilherme de Almeida Suckevicz 2020-04-20 20:03:48 UTC
User content can redirect the logout button to a different URL.

Reference:
https://phabricator.wikimedia.org/T232932

Comment 1 Guilherme de Almeida Suckevicz 2020-04-20 20:04:05 UTC
Created mediawiki tracking bugs for this issue:

Affects: fedora-all [bug 1826080]

Comment 2 Jason Shepherd 2020-04-21 05:57:25 UTC
Release notes:
https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html

Comment 3 Jason Shepherd 2020-04-24 00:14:15 UTC
Statement:

The MediaWiki Ansible playbook has been removed from OpenShift Container Platform in version 4.3 and later.