Voozh

Mediawiki tarball is missing .htaccess files

Moderate severity GitHub Reviewed Published to the GitHub Advisory Database • Updated

Package

mediawiki/core (Composer)

Affected versions

>= 1.31.0, < 1.31.1

Patched versions

1.31.1

Description

Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible.

References

https://nvd.nist.gov/vuln/detail/CVE-2018-13258
https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
https://phabricator.wikimedia.org/T199029
http://www.securitytracker.com/id/1041695
https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-13258.yaml

Published by the National Vulnerability Database

Published to the GitHub Advisory Database

Reviewed

Last updated

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS score

(79th percentile)

Weaknesses

CVE ID

CVE-2018-13258

GHSA ID

GHSA-2c28-7gwv-cpgf

Source code

wikimedia/mediawiki

See something to contribute? Suggest improvements for this vulnerability.

URL: https://github.com/advisories/GHSA-2c28-7gwv-cpgf

⇱ Mediawiki tarball is missing .htaccess files · CVE-2018-13258 · GitHub Advisory Database · GitHub

Mediawiki tarball is missing .htaccess files

Package

Affected versions

Patched versions

Description

References

Severity

CVSS v3 base metrics

EPSS score

Weaknesses

CVE ID

GHSA ID

Source code