Vulnerabilities > CVE-2020-15005
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.
Vulnerable Configurations
References
- https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31
- https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31
- https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33
- https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33
- https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34
- https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34
- https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html
- https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H/
- https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html
- https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html
- https://phabricator.wikimedia.org/T248947
- https://phabricator.wikimedia.org/T248947
- https://www.debian.org/security/2020/dsa-4767
- https://www.debian.org/security/2020/dsa-4767