Headline
T335612 CVE-2023-36674: Manualthumb bypasses badFile lookup
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.
Risk Rating
Low
Author Affiliation
WMF Product
Event Timeline
Restricted Application added a subscriber: Aklapper.
mmartorana changed the task status from Open to In Progress.
mmartorana triaged this task as Low priority.
mmartorana changed Risk Rating from N/A to Low.
Reedy renamed this task from Manualthumb bypasses badFile lookup to CVE-2023-36674: Manualthumb bypasses badFile lookup.
Reedy closed this task as Resolved.
Related news
Debian Linux Security Advisory 5447-1 - Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, a bypass of vandalism protections or information disclosure.