CVE-2008-5687
Published: 19 December 2008
MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.
Notes
Author | Note |
---|---|
mdeslaur | from debian: the CVE id description is wrong, this is fixed in 1.13.3 |
Priority
Status
Package | Release | Status |
---|---|---|
mediawiki Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
gutsy |
Ignored
(end of life, was needs-triage)
|
|
hardy |
Released
(1:1.11.2-2ubuntu0.2)
|
|
intrepid |
Released
(1:1.12.0-2ubuntu0.2)
|
|
jaunty |
Not vulnerable
(1.13.3-1)
|
|
karmic |
Not vulnerable
(1.13.3-1)
|
|
upstream |
Released
(1.13.3-1)
|