Security Advisories
CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVEs affecting projects tracked on Release Alert, from NVD & OSV.
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.