CVE-2017-0361

Published: Apr 13, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.

Affected (4)

Products: Mediawiki: Mediawiki · Debian: Debian Linux

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mediawiki Mediawiki	From 1.23.0 to 1.23.16
Mediawiki Mediawiki	From 1.27.0 to 1.27.2
Mediawiki Mediawiki	From 1.28.0 to 1.28.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://www.securitytracker.com/id/1039812

Source: security@debian.org

Third Party AdvisoryVDB Entry

https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html

Source: security@debian.org

Vendor Advisory

https://phabricator.wikimedia.org/T125177

Source: security@debian.org

Issue TrackingThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2017-0361

Source: security@debian.org

Third Party Advisory

http://www.securitytracker.com/id/1039812

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://phabricator.wikimedia.org/T125177

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2017-0361

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.