Skip to content

img_auth.php may leak private extension images into the public cache

Moderate severity GitHub Reviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Nov 1, 2024

Package

composer mediawiki/core (Composer)

Affected versions

< 1.31.8
>= 1.32.0, < 1.33.4
>= 1.34.0, < 1.34.2

Patched versions

1.31.8
1.33.4
1.34.2
Published by the National Vulnerability Database Jun 24, 2020
Published to the GitHub Advisory Database May 24, 2022
Reviewed Nov 1, 2024
Last updated Nov 1, 2024

Severity

Moderate

EPSS score

0.109%
(45th percentile)

Weaknesses

CVE ID

CVE-2020-15005

GHSA ID

GHSA-xpv7-93cm-4mxv

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.