Vulnerability found in CheckUser

[Bbb23sucks]

https://nvd.nist.gov/vuln/detail/CVE-2023-29139

Unfortunately, this only appears to work IF you have CheckUser access.

[boredbird]

https://nvd.nist.gov/vuln/detail/CVE-2023-29139

Unfortunately, this only appears to work IF you have CheckUser access.

I noticed this myself while checkusering a bunch of people with my Wikipedia account.

[Bbb23sucks]

https://nvd.nist.gov/vuln/detail/CVE-2023-29139

Unfortunately, this only appears to work IF you have CheckUser access.

I noticed this myself while checkusering a bunch of people with my Wikipedia account.

Me too, though it was on my WMF account.

[ericbarbour]

It's "nice" to know that MediaWiki is still riddled with bugs that go back 15-20 years. We need these occasional reminders of how screwed-up their Magical Software is. And remains, despite about 18 years of employing coders on actual salaries to "fix" things.

[Bbb23sucks]

It's "nice" to know that MediaWiki is still riddled with bugs that go back 15-20 years. We need these occasional reminders of how screwed-up their Magical Software is. And remains, despite about 18 years of employing coders on actual salaries to "fix" things.

This one was actually fixed rather quickly, though it only appears to apply to the latest alpha of MediaWiki. But anything that isn't big enough to immediately crash their site will likely remain unfixed for 15+ years. Even if it is fixed, it will probably be fixed by an unpaid volunteer. What are they even paying their devs for?

[ericbarbour]

What are they even paying their devs for?

You can ask them, but you will NEVER get a straight answer. And unless you're a prominent jornalist or writer, they would probably ignore your question completely. Great at stonewalling people--not so good at code development.

[Bbb23sucks]

Oh look, they are *FINALLY* addressing it: https://gerrit.wikimedia.org/r/c/mediaw ... r/+/989527

Edit: Nevermind, that's a separate, new vulnerability.