DSA-2022 mediawiki -- several vulnerabilitiesID: oval:org.mitre.oval:def:7451 | Date: (C)2010-05-24 (M)2021-09-11 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in mediawiki, a web-based wiki engine. The following issues have been identified: Insufficient input sanitization in the CSS validation code allows editors to display external images in wiki pages. This can be a privacy concern on public wikis as it allows attackers to gather IP addresses and other information by linking these images to a web server under their control. Insufficient permission checks have been found in thump.php which can lead to disclosure of image files that are restricted to certain users .