CVE-2014-8762 : The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a craf

The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter.

Published 2014-10-22 14:55:08

Updated 2016-04-04 13:15:16

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2014-8762

Probability of exploitation activity in the next 30 days: 0.66%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-8762

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2014-8762

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-8762

http://www.openwall.com/lists/oss-security/2014/10/13/3

oss-security - CVE request: various security flaws in dokuwiki

CVEs referencing this url
http://advisories.mageia.org/MGASA-2014-0438.html

Mageia Advisory: MGASA-2014-0438 - Updated dokuwiki packages fix security vulnerabilities

CVEs referencing this url
http://www.debian.org/security/2014/dsa-3059

Debian -- Security Information -- DSA-3059-1 dokuwiki

CVEs referencing this url
http://www.securityfocus.com/bid/70404

DokuWiki Information Disclosure Vulnerability
https://github.com/splitbrain/dokuwiki/issues/765

ACL checks in the media file details ajax calls only for root/arbitrary namespace · Issue #765 · splitbrain/dokuwiki · GitHub

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2014/10/16/9

oss-security - Re: CVE request: various security flaws in dokuwiki

CVEs referencing this url

Products affected by CVE-2014-8762

Dokuwiki » Dokuwiki
Versions up to, including, (<=) 2013-12-08
cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-8762

Exploit prediction scoring system (EPSS) score for CVE-2014-8762

CVSS scores for CVE-2014-8762

CWE ids for CVE-2014-8762

References for CVE-2014-8762

Products affected by CVE-2014-8762