CVSS2: 6.8 Medium (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

CVSS3: 9.8 High (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

EPSS: 0.006 Low (Percentile: 79.3%)

MediaWiki reports:

Wikipedia user RobinHood70 reported two issues in the chunked
upload API. The API failed to correctly stop adding new chunks to
the upload when the reported size was exceeded (T91203), allowing
a malicious user to add an infinite number of chunks for a
single file upload. Additionally, a malicious user could upload
chunks of 1 byte for very large files, potentially creating a very
large number of files on the server’s filesystem (T91205).

Internal review discovered that it is not possible to throttle file
uploads.

Internal review discovered a missing authorization check when
removing suppression from a revision. This allowed users with the
‘viewsuppressed’ user right but not the appropriate
‘suppressrevision’ user right to unsuppress revisions.

Richard Stanway from teamliquid.net reported that thumbnails of PNG
files generated with ImageMagick contained the local file path in
the image metadata.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | mediawiki123 | < 1.23.11 | UNKNOWN |
FreeBSD | any | noarch | mediawiki124 | < 1.24.4 | UNKNOWN |
FreeBSD | any | noarch | mediawiki125 | < 1.25.3 | UNKNOWN |
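
The two chunk-accounting checks whose absence the MediaWiki report above describes (T91203 and T91205), sketched as an added example that is not MediaWiki's code. The names `ChunkedUpload`, `MIN_CHUNK_SIZE` and `MAX_UPLOAD_SIZE` and their values are assumptions chosen for illustration.

```python
"""Server-side accounting for a chunked upload (illustrative model, not MediaWiki code)."""
from dataclasses import dataclass

MIN_CHUNK_SIZE = 1024          # assumed floor for every chunk except the last
MAX_UPLOAD_SIZE = 100 * 2**20  # assumed site-wide upload limit


class ChunkRejected(Exception):
    """Raised when a chunk violates the upload's declared parameters."""


@dataclass
class ChunkedUpload:
    declared_size: int   # total file size the client reported up front
    received: int = 0    # bytes accepted so far
    chunks: int = 0      # chunk files stashed so far

    def __post_init__(self):
        if not 0 < self.declared_size <= MAX_UPLOAD_SIZE:
            raise ChunkRejected("declared size outside allowed range")

    @property
    def complete(self) -> bool:
        return self.received == self.declared_size

    def add_chunk(self, offset: int, data: bytes) -> None:
        if self.complete:
            raise ChunkRejected("upload already complete")
        if offset != self.received:
            raise ChunkRejected("offset does not match bytes received")
        end = offset + len(data)
        # T91203: never accept data past the size reported for the file.
        if end > self.declared_size:
            raise ChunkRejected("chunk exceeds declared file size")
        # T91205: only the final chunk may be shorter than the minimum,
        # which bounds the number of chunk files per upload.
        if len(data) < MIN_CHUNK_SIZE and end != self.declared_size:
            raise ChunkRejected("non-final chunk below minimum size")
        self.received = end
        self.chunks += 1


def max_chunks(declared_size: int) -> int:
    """Upper bound on chunk files one upload can create under these rules."""
    return -(-declared_size // MIN_CHUNK_SIZE)  # ceiling division
```

With both checks in place, the number of chunk files per upload is bounded by the declared size divided by the minimum chunk size, rounded up.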