Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Good to know:
Date: June 24, 2020
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.
Related Resources (5)
Weakness Type (CWE)
Information Leak / DisclosureCWE-200
Upgrade to version 1.34.2,1.33.4,1.31.8
|Attack Vector (AV):||NETWORK|
|Attack Complexity (AC):||HIGH|
|Privileges Required (PR):||NONE|
|User Interaction (UI):||REQUIRED|
|Access Vector (AV):||NETWORK|
|Access Complexity (AC):||HIGH|