Only allow images to be served by thumb.php

Bug #1978520 reported by Kristina Hoeppner
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Mahara | | | | |
| 21.04 | Fix Released | Critical | Unassigned | |
| 21.10 | Fix Released | Critical | Unassigned | |
| 22.04 | Fix Released | Critical | Unassigned | |
| 22.10 | Fix Released | Critical | Robert Lyon | |

Bug Description

Files are accessible and can be enumerated by their ID via thumb.php and a particular option.

CVE References

information type: Public → Public Security
information type: Public Security → Private Security
summary: - Files are accessible publicly through thumb.php
+ Only allow images to be served by thumb.php
information type: Private Security → Public Security
no longer affects: mahara
This report contains Public Security information  
Everyone can see this security related information.
