Description
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | released | 1:1.31.8-1 |
| eoan | ignored | end of life |
| esm-apps/bionic | needed | |
| esm-apps/focal | needed | |
| esm-apps/jammy | released | 1:1.31.8-1 |
| esm-apps/noble | released | 1:1.31.8-1 |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needed |
| groovy | released | 1:1.31.8-1 |
Source references
EPSS
CVSS2: 2.6 Low
CVSS3: 3.1 Low
Related vulnerabilities
img_auth.php may leak private extension images into the public cache
A vulnerability in the img_auth.php component of the MediaWiki hypertext environment software that allows an attacker to gain unauthorized access to protected information