Your submission was sent successfully! Close

CVE-2020-15005

Published: 24 June 2020

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.

Priority

Medium

CVSS 3 base score: 3.1

Status

Package Release Status
mediawiki
Launchpad, Ubuntu, Debian
bionic Needed

eoan Ignored
(reached end-of-life)
focal Needed

groovy
Released (1:1.31.8-1)
hirsute
Released (1:1.31.8-1)
impish
Released (1:1.31.8-1)
jammy
Released (1:1.31.8-1)
precise Does not exist

trusty Does not exist

upstream
Released (1:1.31.8-1)
xenial Does not exist