CVE-2011-4361
EPSS 0.18%
Description
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.
How to fix CVE-2011-4361
To remediate CVE-2011-4361, upgrade the affected package to the fixed version listed below.
- Debian/mediawiki—upgrade to 1:1.15.5-4 or later
Is CVE-2011-4361 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/mediawiki: from 0, < 1:1.15.5-4