Wikimedia Foundation MediaWiki GrowthExperiments HTTP Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Wikimedia Foundation's MediaWiki GrowthExperiments extension, affecting versions 1.39 through 1.43. This vulnerability arises from improper input validation in the CommunityStructuredMentorListValidator, which is responsible for validating data in the MediaWiki:GrowthMentors.json file. When this file contains invalid data, such as a string instead of a required integer, it can cause fatal errors for users assigned as mentees, effectively disrupting their access to the site.

Impact

Exploiting this vulnerability can lead to internal server errors for users with assigned mentors, causing a disruption in their ability to use the site.

Reproduction

To reproduce this vulnerability, manually edit the MediaWiki:GrowthMentors.json file to include invalid data, such as a string for the mentor weight instead of a non-negative integer. Save the changes, and any user assigned to a mentor with invalid data will experience a fatal error when accessing the site.

Remediation

The vulnerability has been addressed by restoring proper validation for the GrowthMentors.json file. Users should ensure they are using the patched version of the GrowthExperiments extension.