CVE-2015-8005

{"id": "CVE-2015-8005", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-11-09T18:59:04.883", "references": [{"url": "http://www.securitytracker.com/id/1034028", "source": "cve@mitre.org"}, {"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://phabricator.wikimedia.org/T108616", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file."}, {"lang": "es", "value": "MediaWiki en versiones anteriores a 1.23.11, 1.24.x en versiones anteriores a 1.24.4 y 1.25.x en versiones anteriores a 1.25.3 utiliza el argumento de l\u00ednea de comando thumbnail ImageMagick, lo que permite atacantes remotos obtener la ruta de instalaci\u00f3n leyendo los metadatos de un archivo thumbnail PNG."}], "lastModified": "2015-11-10T14:19:16.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE35D692-87E9-4982-AA23-27EBD5E5EEE1", "versionEndIncluding": "1.23.10"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF21D6EE-CEAC-42A7-99B6-D9D033E1FEC6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}