mediawiki is vulnerable to information disclosure. The vulnerability exists because the library does not properly validate the data directory permission which allows to attacker to access user credentials data in system.
lists.debian.org/debian-lts-announce/2023/07/msg00011.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/
lists.fedoraproject.org/archives/list/[email protected]/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/
lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/
lists.wikimedia.org/hyperkitty/list/[email protected]/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/
phabricator.wikimedia.org/T322637
security-tracker.debian.org/tracker/CVE-2022-47927
security.gentoo.org/glsa/202305-24