CVE-2017-0361Sensitive Information Exposure in Mediawiki

CWE-200Sensitive Information ExposureCWE-532Log File Information Exposure8 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 76.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
MediawikiDebian MediawikiDebian Linux
Timeline
PublishedApr 13
Latest updateMay 14

Description

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

debiandebian/mediawiki< mediawiki 1:1.27.2-1 (bookworm)
NVDmediawiki/mediawiki1.27.01.27.2+2
Debianmediawiki/mediawiki< 1:1.27.2-1+3
CVEListV5mediawiki/mediawikin/a

Also affects: Debian Linux 7.0

🔴Vulnerability Details

2
GHSA
GHSA-9hp2-ghj9-3753: Mediawiki before 12022-05-14
OSV
CVE-2017-0361: Mediawiki before 12018-04-13

📋Vendor Advisories

2
Debian
CVE-2017-0361: mediawiki - Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure fl...2017
Red Hat
mediawiki: information disclosure in the api.log2016-01-29

💬Community

3
Bugzilla
CVE-2017-0361 mediawiki: information disclosure in the api.log2018-04-19
Bugzilla
CVE-2017-0361 CVE-2017-0363 CVE-2017-0365 CVE-2017-0369 mediawiki123: various flaws [epel-7]2018-04-19
Bugzilla
CVE-2017-0361 mediawiki119: mediawiki: information disclosure in the api.log [epel-6]2018-04-19
CVE-2017-0361 — Sensitive Information Exposure | cvebase