CVE-2017-0364Open Redirect in Mediawiki

CWE-601Open RedirectCWE-20Improper Input Validation7 documents6 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 57.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
MediawikiDebian MediawikiDebian Linux
Timeline
PublishedApr 13
Latest updateMay 14

Description

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

debiandebian/mediawiki< mediawiki 1:1.27.2-1 (bookworm)
NVDmediawiki/mediawiki1.27.01.27.2+2
Debianmediawiki/mediawiki< 1:1.27.2-1+3
CVEListV5mediawiki/mediawikin/a

Also affects: Debian Linux 7.0

🔴Vulnerability Details

2
GHSA
GHSA-cwx8-767m-cwmv: Mediawiki before 12022-05-14
OSV
CVE-2017-0364: Mediawiki before 12018-04-13

📋Vendor Advisories

2
Debian
CVE-2017-0364: mediawiki - Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search ...2017
Red Hat
mediawiki: redirects to any interwiki link in special search2015-12-22

💬Community

2
Bugzilla
CVE-2017-0364 mediawiki: redirects to any interwiki link in special search2018-04-20
Bugzilla
CVE-2017-0362 CVE-2017-0364 CVE-2017-0366 CVE-2017-0370 mediawiki123: various flaws [epel-7]2018-04-19
CVE-2017-0364 — Open Redirect in Mediawiki | cvebase