Summary
MediaWiki is prone to a security-bypass vulnerability because it fails to properly restrict access to restricted content.
An attacker can exploit this issue to bypass intended security measures to view restricted content in private wikis.
Versions after MediaWiki 1.15 and prior to MediaWiki 1.15.2 are vulnerable.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
-
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N
Related Vulnerabilities
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- Apple Safari Multiple Vulnerabilities
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- An Image Gallery Directory Traversal Vulnerability