osv | Google | OSV:DSA-2022-1
History: Mar 23, 2010 - 12:00 a.m.

mediawiki - several vulnerabilities

2010-03-23 00:00:00
Google
osv.dev
10

EPSS: 0.006 (Low), percentile 78.1%

Several vulnerabilities have been discovered in mediawiki, a web-based wiki
engine. The following issues have been identified:

  • Insufficient input sanitization in the CSS validation code allows editors
    to display external images in wiki pages. This can be a privacy concern
    on public wikis as it allows attackers to gather IP addresses and other
    information by linking these images to a web server under their control.
  • Insufficient permission checks have been found in thumb.php which can lead
    to disclosure of image files that are restricted to certain users
    (e.g. with img_auth.php).

For the stable distribution (lenny), these problems have been fixed in
version 1.12.0-2lenny4.

For the testing distribution (squeeze), these problems have been fixed in
version 1:1.15.2-1.

For the unstable distribution (sid), these problems have been fixed in
version 1:1.15.2-1.
