CVE Vulnerabilities

CVE-2020-15005

Published: Jun 24, 2020 | Modified: Nov 21, 2024
CVSS 3.x
3.1
LOW
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS 2.x
2.6 LOW
AV:N/AC:H/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
3.1 LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Ubuntu
MEDIUM

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.

Affected Software

Name Vendor Start Version End Version
Mediawiki Mediawiki * 1.31.8 (excluding)
Mediawiki Mediawiki 1.32.0 (including) 1.33.4 (excluding)
Mediawiki Mediawiki 1.34 (including) 1.34.2 (excluding)
Mediawiki Ubuntu bionic *
Mediawiki Ubuntu devel *
Mediawiki Ubuntu eoan *
Mediawiki Ubuntu esm-apps/bionic *
Mediawiki Ubuntu esm-apps/focal *
Mediawiki Ubuntu focal *
Mediawiki Ubuntu groovy *
Mediawiki Ubuntu hirsute *
Mediawiki Ubuntu impish *
Mediawiki Ubuntu jammy *
Mediawiki Ubuntu kinetic *
Mediawiki Ubuntu lunar *
Mediawiki Ubuntu mantic *
Mediawiki Ubuntu noble *
Mediawiki Ubuntu oracular *
Mediawiki Ubuntu trusty *
Mediawiki Ubuntu upstream *

References