Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal. This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39.
A flaw was found in the MediaWiki CSS extension. This vulnerability, categorized as a Path Traversal, allows a remote attacker to access restricted directories. By manipulating file paths, an attacker can read arbitrary files on the server, potentially leading to the disclosure of sensitive information.
Report
This vulnerability is rated Moderate for Red Hat as it affects MediaWiki, a web application that, if deployed, could allow an unauthenticated attacker to perform path traversal. This could lead to unauthorized access to sensitive files on the server where MediaWiki is hosted.
Mitigation
To reduce the attack surface, restrict network access to the MediaWiki instance to only trusted clients or internal networks using firewall rules. For example, using firewalld, you can limit access to the web server port (e.g., 80 or 443) from specific source IP addresses or zones. This may impact legitimate users if not configured carefully.
Additional information
Status:
6.5 Medium
CVSS3
Related vulnerabilities
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal. This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39.
6.5 Medium
CVSS3