Lucene search

K

Veracode Vulnerability DatabaseVERACODE:25771

HistoryJun 26, 2020 - 3:52 a.m.

Information Disclosure

2020-06-2603:52:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

EPSS

0.002

Percentile

57.8%

mediawiki/core is vulnerable to information disclosure. Files are possibly publicly cached in the caching server using the img_auth.php image authorization security feature due to misconfigured Cache-Control and Vary headers. An unauthenticated user is potentially able to access and view these files.

References

gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31

gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33

gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34

lists.debian.org/debian-lts-announce/2020/12/msg00034.html

lists.fedoraproject.org/archives/list/[email protected]/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H/

lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html

phabricator.wikimedia.org/T248947

www.debian.org/security/2020/dsa-4767

EPSS

0.002

Percentile

57.8%

Related for VERACODE:25771

cvelist1 openvas6 cve1 nessus3 fedora1 debiancve1 prion1 mageia1 osv4 ubuntucve1 nvd1 redhatcve1 altlinux1 debian2