Lucene search

K
mageiaGentoo FoundationMGASA-2013-0221
HistoryJul 21, 2013 - 12:57 p.m.

Updated mediawiki packages fix security vulnerability

2013-07-2112:57:46
Gentoo Foundation
advisories.mageia.org
14

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.3%

MediaWiki user Marco discovered that security checks for file uploads were not being run when the file was uploaded in chunks through the API. This option has been available to users who can upload files since MediaWiki 1.19 (CVE-2013-2114).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchmediawiki< 1.20.6-1.2mediawiki-1.20.6-1.2.mga3

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.3%