CVE-2017-0371: Mediawiki vulnerability

5 documents, 5 sources
Severity: 7.5 HIGH (NVD)
EPSS: 0.2% (top 56.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Feb 18, latest update Feb 20

Description

MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

debian: debian/mediawiki < mediawiki 1:1.27.2-1 (bookworm)
NVD: mediawiki/mediawiki 1.24.0 1.27.2 +2
Debian: mediawiki/mediawiki < 1:1.27.2-1 +3

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-3hc7-mwwv-ff3c: MediaWiki before 1 (2022-02-20)
OSV: CVE-2017-0371: MediaWiki before 1 (2022-02-18)

📋 Vendor Advisories (2)

Red Hat: mediawiki: remote information disclosure (2022-02-19)
Debian: CVE-2017-0371: mediawiki - MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before... (2017)
CVE-2017-0371 — Mediawiki vulnerability | cvebase