CVE-2011-4361
Published: Jan 8, 2012
Modified: Aug 7, 2024
PUBLISHED
Description
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
[mediawiki-announce] 20111128 MediaWiki security release 1.17.1
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=758171
x_refsource_CONFIRM
[oss-security] 20111129 CVE request: mediawiki before 1.17.1
mailing-list
x_refsource_MLIST
https://bugzilla.wikimedia.org/show_bug.cgi?id=32616
x_refsource_CONFIRM
[oss-security] 20111129 Re: CVE request: mediawiki before 1.17.1
mailing-list
x_refsource_MLIST
DSA-2366
vendor-advisory
x_refsource_DEBIAN