{"id":"USN-8315-1","summary":"mediawiki vulnerabilities","details":"It was discovered that MediaWiki incorrectly handled group membership \nvisibility in the OATHAuth extension. An authenticated attacker could \nuse this issue to determine if other users had two-factor authentication \nenabled. (CVE-2026-34087)\n\nIt was discovered that MediaWiki incorrectly handled suppressed log entry \ntitles in the RecentChanges list. An unauthenticated attacker could use \nthis issue to view titles of deleted or suppressed pages that should be hidden.\n(CVE-2026-34088)\n\nIt was discovered that MediaWiki incorrectly handled resource loading timing\ninformation. An attacker could use this issue to determine if certain pages \nexisted on a wiki. (CVE-2026-34092)","modified":"2026-05-27T15:47:45.721301211Z","published":"2026-05-27T08:39:27Z","upstream":["CVE-2026-34087","CVE-2026-34088","CVE-2026-34092","UBUNTU-CVE-2026-34087","UBUNTU-CVE-2026-34088","UBUNTU-CVE-2026-34092"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8315-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34087"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34088"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34092"}],"affected":[{"package":{"name":"mediawiki","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/mediawiki?arch=source&distro=esm-apps%2Ffocal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.31.7-1ubuntu0.1~esm1"}]}],"versions":["1:1.31.2-1ubuntu1","1:1.31.5-1","1:1.31.5-1ubuntu1","1:1.31.5-2","1:1.31.5-3","1:1.31.5-3ubuntu1","1:1.31.6-1","1:1.31.7-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"mediawiki","binary_version":"1:1.31.7-1ubuntu0.1~esm1"},{"binary_name":"mediawiki-classes","binary_version":"1:1.31.7-1ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/R:U/RE:M","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34088"}],"ecosystem":"Ubuntu:Pro:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8315-1.json"}},{"package":{"name":"mediawiki","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/mediawiki?arch=source&distro=esm-apps%2Fjammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.35.6-1ubuntu0.1~esm1"}]}],"versions":["1:1.35.3-1","1:1.35.4-1","1:1.35.5-1","1:1.35.5-1ubuntu1","1:1.35.5-1ubuntu2","1:1.35.5-1ubuntu3","1:1.35.6-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"mediawiki","binary_version":"1:1.35.6-1ubuntu0.1~esm1"},{"binary_name":"mediawiki-classes","binary_version":"1:1.35.6-1ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/RE:M","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34087"},{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/R:U/RE:M","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34088"}],"ecosystem":"Ubuntu:Pro:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8315-1.json"}},{"package":{"name":"mediawiki","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/mediawiki?arch=source&distro=esm-apps%2Fnoble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.39.7-1ubuntu0.1~esm1"}]}],"versions":["1:1.39.4-2","1:1.39.5-1","1:1.39.6-1","1:1.39.7-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"mediawiki","binary_version":"1:1.39.7-1ubuntu0.1~esm1"},{"binary_name":"mediawiki-classes","binary_version":"1:1.39.7-1ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/RE:M","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34087"},{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/R:U/RE:M","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34088"},{"severity":[{"score":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34092"}],"ecosystem":"Ubuntu:Pro:24.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8315-1.json"}}],"schema_version":"1.7.5"}