nvd-json-data-feeds/CVE-2015/CVE-2015-80xx/CVE-2015-8005.json

{
  "id": "CVE-2015-8005",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2015-11-09T18:59:04.883",
  "lastModified": "2024-11-21T02:37:49.897",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file."
    },
    {
      "lang": "es",
      "value": "MediaWiki en versiones anteriores a 1.23.11, 1.24.x en versiones anteriores a 1.24.4 y 1.25.x en versiones anteriores a 1.25.3 utiliza el argumento de l\u00ednea de comando thumbnail ImageMagick, lo que permite atacantes remotos obtener la ruta de instalaci\u00f3n leyendo los metadatos de un archivo thumbnail PNG."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "baseScore": 5.0,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "1.23.10",
              "matchCriteriaId": "FE35D692-87E9-4982-AA23-27EBD5E5EEE1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF21D6EE-CEAC-42A7-99B6-D9D033E1FEC6"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securitytracker.com/id/1034028",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://phabricator.wikimedia.org/T108616",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1034028",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://phabricator.wikimedia.org/T108616",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2015-8005",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2015-11-09T18:59:04.883",`
Auto-Update: 2024-11-23T01:02:35.760694+00:00 2024-11-23 01:05:45 +00:00			`"lastModified": "2024-11-21T02:37:49.897",`
			`"vulnStatus": "Modified",`
bootstrap 2023-04-24 12:24:31 +02:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "MediaWiki en versiones anteriores a 1.23.11, 1.24.x en versiones anteriores a 1.24.4 y 1.25.x en versiones anteriores a 1.25.3 utiliza el argumento de l\u00ednea de comando thumbnail ImageMagick, lo que permite atacantes remotos obtener la ruta de instalaci\u00f3n leyendo los metadatos de un archivo thumbnail PNG."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",`
Auto-Update: 2024-11-23T01:02:35.760694+00:00 2024-11-23 01:05:45 +00:00			`"baseScore": 5.0,`
bootstrap 2023-04-24 12:24:31 +02:00			`"accessVector": "NETWORK",`
			`"accessComplexity": "LOW",`
			`"authentication": "NONE",`
			`"confidentialityImpact": "PARTIAL",`
			`"integrityImpact": "NONE",`
Auto-Update: 2024-11-23T01:02:35.760694+00:00 2024-11-23 01:05:45 +00:00			`"availabilityImpact": "NONE"`
bootstrap 2023-04-24 12:24:31 +02:00			`},`
			`"baseSeverity": "MEDIUM",`
			`"exploitabilityScore": 10.0,`
			`"impactScore": 2.9,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-200"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:mediawiki:mediawiki::::::::",`
			`"versionEndIncluding": "1.23.10",`
			`"matchCriteriaId": "FE35D692-87E9-4982-AA23-27EBD5E5EEE1"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:::::::*",`
			`"matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:::::::*",`
			`"matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:::::::*",`
			`"matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.3:::::::*",`
			`"matchCriteriaId": "5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:::::::*",`
			`"matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:::::::*",`
			`"matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.2:::::::*",`
			`"matchCriteriaId": "DF21D6EE-CEAC-42A7-99B6-D9D033E1FEC6"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "http://www.securitytracker.com/id/1034028",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html",`
			`"source": "cve@mitre.org",`
			`"tags": [`
			`"Patch",`
			`"Vendor Advisory"`
			`]`
			`},`
			`{`
			`"url": "https://phabricator.wikimedia.org/T108616",`
			`"source": "cve@mitre.org",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2024-11-23T01:02:35.760694+00:00 2024-11-23 01:05:45 +00:00			`},`
			`{`
			`"url": "http://www.securitytracker.com/id/1034028",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Patch",`
			`"Vendor Advisory"`
			`]`
			`},`
			`{`
			`"url": "https://phabricator.wikimedia.org/T108616",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
bootstrap 2023-04-24 12:24:31 +02:00			`}`
			`]`
			`}`