CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile: 88.5%
The Gallery team reports:
Gallery 2.2.4 addresses the following security vulnerabilities:
Publish XP module - Fixed unauthorized album creation and file uploads.
URL rewrite module - Fixed local file inclusion vulnerability in unsecured admin controller and information disclosure in hotlink protection.
Core / add-item modules - Fixed Cross Site Scripting (XSS) vulnerabilities through malicious file names.
Installation (Gallery application) - Update web-accessibility protection of the storage folder for Apache 2.2.
Core (Gallery application) / MIME module - Fixed vulnerability in checks for disallowed file extensions in file uploads.
Gallery Remote module - Added missing permissions checks for some GR commands.
WebDAV module - Fixed Cross Site Scripting (XSS) vulnerability through HTTP PROPPATCH.
WebDAV module - Fixed information (item data) disclosure in a WebDAV view.
Comment module - Fixed information (item data) disclosure in comment views.
Core module (Gallery application) - Improved resilience against item information disclosure attacks.
Slideshow module - Fixed information (item data) disclosure in the slideshow.
Print modules - Fixed information (item data) disclosure in several print modules.
Core / print modules - Fixed arbitrary URL redirection (phishing attacks) in the core module and several print modules.
WebCam module - Fixed proxied request weakness.