5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
78.0%
includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x
before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote
attackers to obtain sensitive information via a “<” (open angle bracket)
character in the lang parameter to w/load.php, which reveals the
installation path in an error message.
Author | Note |
---|---|
mdeslaur | ubuntu packages have fixed paths. ignoring. |