USN-8315-1
- Source
- https://ubuntu.com/security/notices/USN-8315-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8315-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-8315-1
- Upstream
- Published
- 2026-05-27T08:39:27Z
- Modified
- 2026-05-27T15:47:45.721301211Z
- Summary
- mediawiki vulnerabilities
- Details
-
It was discovered that MediaWiki incorrectly handled group membership visibility in the OATHAuth extension. An authenticated attacker could use this issue to determine if other users had two-factor authentication enabled. (CVE-2026-34087)
It was discovered that MediaWiki incorrectly handled suppressed log entry titles in the RecentChanges list. An unauthenticated attacker could use this issue to view titles of deleted or suppressed pages that should be hidden. (CVE-2026-34088)
It was discovered that MediaWiki incorrectly handled resource loading timing information. An attacker could use this issue to determine if certain pages existed on a wiki. (CVE-2026-34092)
- References
Affected packages
Ubuntu:Pro:20.04:LTS / mediawiki
Package
- Name
- mediawiki
- Purl
- pkg:deb/ubuntu/mediawiki?arch=source&distro=esm-apps%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:1.31.7-1ubuntu0.1~esm1
Affected versions
1:1.*
1:1.31.2-1ubuntu1
1:1.31.5-1
1:1.31.5-1ubuntu1
1:1.31.5-2
1:1.31.5-3
1:1.31.5-3ubuntu1
1:1.31.6-1
1:1.31.7-1
Ecosystem specific
{
"binaries": [
{
"binary_version": "1:1.31.7-1ubuntu0.1~esm1",
"binary_name": "mediawiki"
},
{
"binary_version": "1:1.31.7-1ubuntu0.1~esm1",
"binary_name": "mediawiki-classes"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/R:U/RE:M",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-34088"
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8315-1.json"
Ubuntu:Pro:22.04:LTS / mediawiki
Package
- Name
- mediawiki
- Purl
- pkg:deb/ubuntu/mediawiki?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:1.35.6-1ubuntu0.1~esm1
Affected versions
1:1.*
1:1.35.3-1
1:1.35.4-1
1:1.35.5-1
1:1.35.5-1ubuntu1
1:1.35.5-1ubuntu2
1:1.35.5-1ubuntu3
1:1.35.6-1
Ecosystem specific
{
"binaries": [
{
"binary_version": "1:1.35.6-1ubuntu0.1~esm1",
"binary_name": "mediawiki"
},
{
"binary_version": "1:1.35.6-1ubuntu0.1~esm1",
"binary_name": "mediawiki-classes"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"cves": [
{
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/RE:M",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-34087"
},
{
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/R:U/RE:M",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-34088"
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8315-1.json"
Ubuntu:Pro:24.04:LTS / mediawiki
Package
- Name
- mediawiki
- Purl
- pkg:deb/ubuntu/mediawiki?arch=source&distro=esm-apps%2Fnoble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:1.39.7-1ubuntu0.1~esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "1:1.39.7-1ubuntu0.1~esm1",
"binary_name": "mediawiki"
},
{
"binary_version": "1:1.39.7-1ubuntu0.1~esm1",
"binary_name": "mediawiki-classes"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/RE:M",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-34087"
},
{
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/R:U/RE:M",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-34088"
},
{
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-34092"
}
],
"ecosystem": "Ubuntu:Pro:24.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8315-1.json"