CVE-2017-0367 — Resource Exposure in Mediawiki

CWE-668 — Resource Exposure CWE-377 — Insecure Temporary File8 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 33.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki Debian Linux

Timeline

PublishedApr 13

Latest updateMay 13

Description

Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/mediawiki< mediawiki 1:1.27.2-1 (bookworm)

▶NVDmediawiki/mediawiki1.27.0 — 1.27.2+1

▶Debianmediawiki/mediawiki< 1:1.27.2-1+3

▶CVEListV5mediawiki/mediawikin/a

Also affects: Debian Linux 7.0

🔴Vulnerability Details

GHSA

GHSA-jqmm-c922-3758: Mediawiki before 1↗2022-05-13

▶

OSV

CVE-2017-0367: Mediawiki before 1↗2018-04-13

▶

📋Vendor Advisories

Red Hat

mediawiki: unsafe use of temporary directory↗2017-03-26

▶

Debian

CVE-2017-0367: mediawiki - Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, ...↗2017

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Iceni Infix PDF Editor Memory Corruption↗2017-07-11

▶

Talos

Vulnerability Spotlight: Iceni Infix PDF Editor Memory Corruption↗2017-07-11

▶

💬Community

Bugzilla

CVE-2017-0367 mediawiki: unsafe use of temporary directory↗2018-04-20

▶