CVE-2018-13258 – mediawiki/core

Package

Manager: composer
Name: mediawiki/core
Vulnerable Version: >=1.31.0 <1.31.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00319 pctl0.54419

Details

Mediawiki tarball is missing .htaccess files Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible.

Metadata

Created: 2022-05-14T01:57:00Z
Modified: 2024-05-15T23:04:23Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2c28-7gwv-cpgf/GHSA-2c28-7gwv-cpgf.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-2c28-7gwv-cpgf
Finding: F039
Auto approve: 1