CVE-2015-8001Improper Access Control in Mediawiki

CWE-284Improper Access Control7 documents5 sources
Severity
3.5LOWNVD
EPSS
0.3%
top 44.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MediawikiDebian Mediawiki
Timeline
PublishedNov 9
Latest updateMay 17

Description

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 6.8 | Impact: 2.9

Affected Packages3 packages

debiandebian/mediawiki< mediawiki 1:1.25.5-1 (bookworm)
Debianmediawiki/mediawiki< 1:1.25.5-1+3
NVDmediawiki/mediawiki1.23.10+7

Patches

Patch: lists.wikimedia.orgPatch: lists.wikimedia.org

🔴Vulnerability Details

2
GHSA
GHSA-7w48-ffwf-583v: The chunked upload API (ApiUpload) in MediaWiki before 12022-05-17
OSV
CVE-2015-8001: The chunked upload API (ApiUpload) in MediaWiki before 12015-11-09

📋Vendor Advisories

1
Debian
CVE-2015-8001: mediawiki - The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1....2015

💬Community

3
Bugzilla
CVE-2015-8001 CVE-2015-8002 CVE-2015-8003 CVE-2015-8004 CVE-2015-8005 CVE-2015-8006 CVE-2015-8007 CVE-2015-8008 CVE-2015-8009 mediawiki: multiple flaws fixed in 1.25.3, 1.24.4, and 1.23.11 [fedora-all2015-10-20
Bugzilla
CVE-2015-8001 CVE-2015-8002 CVE-2015-8003 CVE-2015-8004 CVE-2015-8005 CVE-2015-8006 CVE-2015-8007 CVE-2015-8008 CVE-2015-8009 mediawiki: multiple flaws fixed in 1.25.3, 1.24.4, and 1.23.11 [epel-all]2015-10-20
Bugzilla
CVE-2015-8001 CVE-2015-8002 CVE-2015-8003 CVE-2015-8004 CVE-2015-8005 CVE-2015-8006 CVE-2015-8007 CVE-2015-8008 CVE-2015-8009 mediawiki: multiple flaws fixed in 1.25.3, 1.24.4, and 1.23.112015-10-20
CVE-2015-8001 — Improper Access Control in Mediawiki | cvebase