REDHAT-BUG-981198
First published: Thu Jul 04 2013(Updated: )
Multiple information exposure flaws were found in the way data rest core module of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, used to previously restrict access to certain items of the photo album. A remote attacker, valid Gallery 3 user, could use this flaw to possibly obtain sensitive information (file, resize or thumb path of the item in question). References: [1] <a href="http://galleryproject.org/gallery_3_0_9">http://galleryproject.org/gallery_3_0_9</a> Upstream ticket: [2] <a href="http://sourceforge.net/apps/trac/gallery/ticket/2074">http://sourceforge.net/apps/trac/gallery/ticket/2074</a> Relevant upstream patch (against 3.0.x branch): [3] <a href="https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed">https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NotFound Gallery |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://galleryproject.org/gallery_3_0_9
- http://sourceforge.net/apps/trac/gallery/ticket/2074
- https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed
- http://www.openwall.com/lists/oss-security/2013/07/04/7
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=981218
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=981219
- https://access.redhat.com/security/cve/CVE-2013-2241
- http://www.openwall.com/lists/oss-security/2013/07/05/3
- https://bugzilla.redhat.com/show_bug.cgi?id=981198
Frequently Asked Questions
What is the severity of REDHAT-BUG-981198?
The severity of REDHAT-BUG-981198 is classified as moderate due to multiple information exposure flaws.
How do I fix REDHAT-BUG-981198?
To fix REDHAT-BUG-981198, update the Gallery software to the latest version where the vulnerabilities have been addressed.
What are the implications of REDHAT-BUG-981198?
The implications of REDHAT-BUG-981198 include potential unauthorized access to sensitive information within the photo albums.
Who is affected by REDHAT-BUG-981198?
Users of Gallery version 3 who have not applied security updates are affected by REDHAT-BUG-981198.
When was REDHAT-BUG-981198 discovered?
REDHAT-BUG-981198 was reported on June 15, 2014, as part of ongoing security maintenance for Gallery.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-2241
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gallery
- canonical/notfound gallery