CVE-2010-1190: MediaWiki vulnerability

CWE-264 | 7 documents | 6 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 0.2% (top 55.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 31
Latest update: May 2

Description

thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

debian | debian/mediawiki | < mediawiki 1:1.15.2-1 (bookworm)
Debian | mediawiki/mediawiki | < 1:1.15.2-1 (+3)
NVD | mediawiki/mediawiki | 1.15.1 (+72)

🔴 Vulnerability Details (2)

GHSA | GHSA-62v2-6655-wvvj: thumb | 2022-05-02
OSV | CVE-2010-1190: thumb | 2010-03-31

📋 Vendor Advisories (2)

Red Hat | MediaWiki: Two security fixes in v1.15.2 | 2010-03-08
Debian | CVE-2010-1190: mediawiki - thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanis... | 2010

💬 Community (2)

Bugzilla | CVE-2010-1150 MediaWiki v.1.15.3: Login CSRF | 2010-04-08
Bugzilla | CVE-2010-1189 CVE-2010-1190 MediaWiki: Two security fixes in v1.15.2 | 2010-03-09