CVE-2010-1189

Sažetak

MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue."

Reference

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
http://secunia.com/advisories/39022
http://secunia.com/advisories/39656
http://www.debian.org/security/2010/dsa-2022
http://www.vupen.com/english/advisories/2010/0685
http://www.vupen.com/english/advisories/2010/1001

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

20-05-2010 - 05:49

Objavljeno

31-03-2010 - 18:00