CVE-2011-4361
Publication date 8 January 2012
Last updated 24 July 2024
Ubuntu priority
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.
Status
Package | Ubuntu Release | Status |
---|---|---|
mediawiki | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |