OpenCVE

The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dokuwiki	Dokuwiki

Configuration 1 [-]

cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://advisories.mageia.org/MGASA-2014-0438.html
http://secunia.com/advisories/61983
http://www.debian.org/security/2014/dsa-3059
http://www.openwall.com/lists/oss-security/2014/10/13/3
http://www.openwall.com/lists/oss-security/2014/10/16/9
http://www.securityfocus.com/bid/70404
https://github.com/splitbrain/dokuwiki/issues/765

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-10-22T14:00:00

Updated: 2024-08-06T13:26:02.550Z

Reserved: 2014-10-13T00:00:00

Link: CVE-2014-8762

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-10-22T14:55:08.293

Modified: 2024-11-21T02:19:43.713

Link: CVE-2014-8762

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-25T00:00:00", "descriptions": [{"lang": "en", "value": "The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-04-01T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "61983", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61983"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0438.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/splitbrain/dokuwiki/issues/765"}, {"name": "70404", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/70404"}, {"name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3"}, {"name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9"}, {"name": "DSA-3059", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3059"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-8762", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "61983", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61983"}, {"name": "http://advisories.mageia.org/MGASA-2014-0438.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0438.html"}, {"name": "https://github.com/splitbrain/dokuwiki/issues/765", "refsource": "CONFIRM", "url": "https://github.com/splitbrain/dokuwiki/issues/765"}, {"name": "70404", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70404"}, {"name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3"}, {"name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9"}, {"name": "DSA-3059", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3059"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:26:02.550Z"}, "title": "CVE Program Container", "references": [{"name": "61983", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61983"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0438.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/splitbrain/dokuwiki/issues/765"}, {"name": "70404", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/70404"}, {"name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3"}, {"name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9"}, {"name": "DSA-3059", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3059"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8762", "datePublished": "2014-10-22T14:00:00", "dateReserved": "2014-10-13T00:00:00", "dateUpdated": "2024-08-06T13:26:02.550Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C134F2A-492D-4379-8471-DAD6569D7FF9", "versionEndIncluding": "2013-12-08", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter."}, {"lang": "es", "value": "La funci\u00f3n ajax_mediadiff en DokuWiki anterior a 2014-05-05a permite a atacantes remotos acceder a im\u00e1genes arbitrarias a trav\u00e9s de un espacio de nombre manipulado en el par\u00e1metro ns."}], "id": "CVE-2014-8762", "lastModified": "2024-11-21T02:19:43.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-22T14:55:08.293", "references": [{"source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0438.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61983"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3059"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/70404"}, {"source": "secalert@redhat.com", "url": "https://github.com/splitbrain/dokuwiki/issues/765"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0438.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61983"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3059"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/70404"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/splitbrain/dokuwiki/issues/765"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}