CVE-2008-5687

{"id": "CVE-2008-5687", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-12-19T17:30:03.360", "references": [{"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33349", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47678", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html", "source": "cve@mitre.org"}, {"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/33349", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47678", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/."}, {"lang": "es", "value": "MediaWiki versi\u00f3n 1.11, y otras versiones anteriores a 1.13.3, no protege apropiadamente contra la descarga de copias de seguridad de im\u00e1genes eliminadas, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n confidencial por medio de peticiones de archivos en images/deleted/."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77FBC313-0615-42D9-8617-4DE42CAA48BE"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}