Description
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.
References
- Release Notes, Vendor Advisory
- Release Notes, Vendor Advisory
- Release Notes, Vendor Advisory
- Mailing List, Third Party Advisory
- Mailing List, Release Notes, Vendor Advisory
- Patch, Vendor Advisory
- Third Party Advisory
Vulnerable configurations
One of
One of
EPSS
CVSS3: 3.1 Low
CVSS2: 2.6 Low
Defects
Related vulnerabilities
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34. ...
img_auth.php may leak private extension images into the public cache
A vulnerability in the img_auth.php component of the MediaWiki hypertext environment software that allows an attacker to gain unauthorized access to protected information