CVE-2008-5687 - Vulnerability Details - OpenCVE

ReportizFlow

MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mediawiki	Mediawiki

Configuration 1 [-]

OR	cpe:2.3:a:mediawiki:mediawiki:1.11:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.11:rc1::::::
	cpe:2.3:a:mediawiki:mediawiki:1.11.1:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.11.2:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.12.0:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1::::::
	cpe:2.3:a:mediawiki:mediawiki:1.12.1:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.12.2:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.12.3:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.13.0:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1::::::
	cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2::::::
	cpe:2.3:a:mediawiki:mediawiki:1.13.1:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.13.2:::::::*

No data.

References

Link	Providers
http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html
http://secunia.com/advisories/33349
https://exchange.xforce.ibmcloud.com/vulnerabilities/47678
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-12-19T17:00:00

Updated: 2024-08-07T11:04:44.334Z

Reserved: 2008-12-19T00:00:00

Link: CVE-2008-5687

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-12-19T17:30:03.360

Modified: 2024-11-21T00:54:38.913

Link: CVE-2008-5687

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-15T00:00:00", "descriptions": [{"lang": "en", "value": "MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FEDORA-2008-11802", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"}, {"name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"}, {"name": "FEDORA-2008-11688", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"}, {"name": "mediawiki-images-info-disclosure(47678)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47678"}, {"name": "33349", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33349"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2008-5687", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2008-11802", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"}, {"name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update", "refsource": "MLIST", "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"}, {"name": "FEDORA-2008-11688", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"}, {"name": "mediawiki-images-info-disclosure(47678)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47678"}, {"name": "33349", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33349"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:04:44.334Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2008-11802", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"}, {"name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"}, {"name": "FEDORA-2008-11688", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"}, {"name": "mediawiki-images-info-disclosure(47678)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47678"}, {"name": "33349", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33349"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5687", "datePublished": "2008-12-19T17:00:00", "dateReserved": "2008-12-19T00:00:00", "dateUpdated": "2024-08-07T11:04:44.334Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "77FBC313-0615-42D9-8617-4DE42CAA48BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/."}, {"lang": "es", "value": "MediaWiki versi\u00f3n 1.11, y otras versiones anteriores a 1.13.3, no protege apropiadamente contra la descarga de copias de seguridad de im\u00e1genes eliminadas, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n confidencial por medio de peticiones de archivos en images/deleted/."}], "id": "CVE-2008-5687", "lastModified": "2024-11-21T00:54:38.913", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-12-19T17:30:03.360", "references": [{"source": "[email protected]", "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33349"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47678"}, {"source": "[email protected]", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"}, {"source": "[email protected]", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33349"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "[email protected]", "type": "Primary"}]}