FreeBSD: B973A763-7936-11E5-A2A1-002590263BF5
History: Oct 16, 2015 - 12:00 a.m.

mediawiki -- multiple vulnerabilities

2015-10-16 00:00:00
vuxml.freebsd.org

CVSS2: 6.8 Medium
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: SINGLE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3: 9.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.006 Low
  Percentile: 79.3%

MediaWiki reports:

Wikipedia user RobinHood70 reported two issues in the chunked
upload API. The API failed to correctly stop adding new chunks to
the upload when the reported size was exceeded (T91203), allowing
a malicious user to add an infinite number of chunks for a
single file upload. Additionally, a malicious user could upload
chunks of 1 byte for very large files, potentially creating a very
large number of files on the server’s filesystem (T91205).

Internal review discovered that it is not possible to throttle file
uploads.

Internal review discovered a missing authorization check when
removing suppression from a revision. This allowed users with the
‘viewsuppressed’ user right but not the appropriate
‘suppressrevision’ user right to unsuppress revisions.

Richard Stanway from teamliquid.net reported that thumbnails of PNG
files generated with ImageMagick contained the local file path in
the image metadata.

OS       Version  Architecture  Package       Version    Filename
FreeBSD  any      noarch        mediawiki123  < 1.23.11  UNKNOWN
FreeBSD  any      noarch        mediawiki124  < 1.24.4   UNKNOWN
FreeBSD  any      noarch        mediawiki125  < 1.25.3   UNKNOWN
