The vulnerability of the img_auth.php component of the MediaWikia software allows a hacker to gain unauthorized access to protected information.

The vulnerability of the imgauth.php component of the MediaWik software, which is used to implement the hypertext environment, relates to the disclosure of information. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

Information Exposure

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Information Exposure via the imgauth.php process. ...

img_auth.php may leak private extension images into the public cache

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...

Debian DLA-2504-1 : mediawiki security update

Multiple security issues were discovered in MediaWiki, a website engine for collaborative work. CVE-2020-15005 Private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them...

CVE-2020-15005

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...

CVE-2020-15005

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...

CVE-2020-15005

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...

CVE-2020-15005

CVE-2020-15005 affects MediaWiki before 1.31.8, 1.32.x, 1.33.x before 1.33.4, and 1.34.x before 1.34.2. The root cause is mishandling of Cache-Control and Vary headers on private wikis behind a caching proxy using the img_auth.php image authorization feature, allowing public caches to store and s...

CVE-2020-15005

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...

CVE-2010-1190

CVE-2010-1190 affects MediaWiki versions before 1.15.2 where thumb.php, used with access-restriction mechanisms like img_auth.php, fails to enforce permissions when serving scaled images. This leads to potential data leakage of private images by manipulating image requests. The issue is documente...