CVSS2 : 7.5 High
Attack Vector : NETWORK
Attack Complexity : LOW
Authentication : NONE
Confidentiality Impact : PARTIAL
Integrity Impact : PARTIAL
Availability Impact : PARTIAL
Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3 : 9.8 High
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : NONE
Scope : UNCHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : HIGH
Vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS : 0.835 High
Percentile : 98.5%
Severity: High
Date : 2017-04-07
CVE-ID : CVE-2017-0361 CVE-2017-0362 CVE-2017-0363 CVE-2017-0364
CVE-2017-0365 CVE-2017-0366 CVE-2017-0367 CVE-2017-0368
CVE-2017-0369 CVE-2017-0370 CVE-2017-0372
Package : mediawiki
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-236
The package mediawiki before version 1.28.1-1 is vulnerable to multiple
issues including arbitrary code execution, cross-site scripting,
information disclosure, cross-site request forgery, insufficient
validation, open redirect and access restriction bypass.
Upgrade to 1.28.1-1.
The problems have been fixed upstream in version 1.28.1.
Workaround : None.
MediaWiki before 1.28.1 may leak passwords in plaintext. API parameters
may now be marked as “sensitive” to keep their values out of the logs.
MediaWiki before 1.18.1 did not require a CSRF token for the “Mark all
pages visited” action on the watchlist.
The Special:UserLogin page in MediaWiki < 1.28.1 has an open redirect
issue.
The Special:Search page in MediaWiki < 1.28.1 has an open redirect
issue.
SearchHighlighter::removeWiki() uses a regex to remove HTML from
snippets. The regex, /</?[^>]+>/, assumes that the HTML is well-formed.
As a result, when SearchHighlighter::highlightText() is used as the
highlighting method, this can result in XSS when
$wgAdvancedSearchHighlighting is true.
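Added example (Python, not MediaWiki code): the pattern quoted above applied to constructed snippets, showing that a tag-stripping regex leaves an unterminated tag in place, next to a variant that escapes the text instead of stripping it. The function names and the <mark> wrapper are assumptions for illustration.

```python
import html
import re

# Python rendering of the pattern quoted in the advisory.
TAG_STRIP = re.compile(r"</?[^>]+>")


def strip_tags_regex(snippet: str) -> str:
    """Regex-only cleanup: delete every substring that looks like a complete tag."""
    return TAG_STRIP.sub("", snippet)


def highlight_escaped(snippet: str, term: str) -> str:
    """Hardened variant: treat the snippet as text and escape every piece,
    so the result does not depend on the input being well-formed markup."""
    if not term:
        return html.escape(snippet)
    out, pos = [], 0
    for m in re.finditer(re.escape(term), snippet, re.IGNORECASE):
        out.append(html.escape(snippet[pos:m.start()]))
        out.append("<mark>" + html.escape(m.group(0)) + "</mark>")
        pos = m.end()
    out.append(html.escape(snippet[pos:]))
    return "".join(out)


# Constructed sample snippets (not taken from MediaWiki or the bug report).
WELL_FORMED = "<b>bold</b> text"
UNTERMINATED = "text <b title=unterminated"  # '<' with no closing '>'

if __name__ == "__main__":
    for sample in (WELL_FORMED, UNTERMINATED):
        print(repr(sample))
        print("  regex strip :", repr(strip_tags_regex(sample)))
        print("  escaped     :", repr(highlight_escaped(sample, "text")))
```

The regex only matches when a closing '>' is present, so the unterminated sample passes through unchanged, while the escaping variant turns its '<' into &lt; regardless of how the input is shaped.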
MediaWiki < 1.28.1 did not properly filter the DTD declaration when a
SVG file was uploaded, leading to a persistent XSS.
MediaWiki before 1.28.1 uses the default system temporary directory for
the LocalisationCache directory, allowing a local attacker to execute
arbitrary code as the web user by crafting a cache file whose content
will be passed to unserialize().
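Added example, not MediaWiki's code: a Python audit of a directory whose files an application later deserializes, flagging the conditions this issue depends on (shared temp directory, foreign ownership, group or world write access). audit_cache_dir and its parameters are hypothetical names; in MediaWiki the cache location is set with $wgCacheDirectory.

```python
import os
import stat
import tempfile


def audit_cache_dir(path, expected_uid, shared_tmp=None):
    """Return findings for a directory whose files are later deserialized.

    expected_uid is the account the web application runs as (assumption:
    the caller knows it); shared_tmp defaults to the system temp directory.
    """
    findings = []
    real = os.path.realpath(path)
    tmp = os.path.realpath(shared_tmp or tempfile.gettempdir())
    if real == tmp:
        findings.append("is the shared temp directory")
    st = os.stat(real)
    if not stat.S_ISDIR(st.st_mode):
        return findings + ["not a directory"]
    if st.st_uid != expected_uid:
        # A predictable path can be pre-created by another local user.
        findings.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    for entry in os.scandir(real):
        try:
            est = entry.stat(follow_symlinks=False)
        except OSError:
            continue  # entry vanished during the scan
        if stat.S_ISLNK(est.st_mode):
            findings.append(f"{entry.name}: symlink")
        elif est.st_uid != expected_uid:
            findings.append(f"{entry.name}: owned by uid {est.st_uid}")
    return findings


if __name__ == "__main__":
    # Constructed demo: a private directory passes, the shared temp dir does not.
    private = tempfile.mkdtemp(prefix="cache-audit-demo-")
    print(private, audit_cache_dir(private, os.getuid()))
    print(tempfile.gettempdir(), audit_cache_dir(tempfile.gettempdir(), os.getuid()))
```

An empty result means the directory is private to the expected account; any finding means another local user could place or replace a file that the application would then deserialize.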
MediaWiki < 1.28.1 did not properly mark system messages as raw HTML,
hence not properly escaping it.
In MediaWiki < 1.28.1, a normal sysop that doesn’t have the necessary
rights to override a page protection can still recreate it by restoring
a former revision of that page.
The spam blacklist in MediaWiki before 1.28.1 could be bypassed by
encoding URLs inside a file inclusion syntax’s link parameter.
The SyntaxHighlight extension in MediaWiki before 1.28.1 does not
properly validate the ‘start’ parameter before passing it to Pygments.
A remote attacker might be able to access sensitive information, trick
users into visiting a malicious website, execute arbitrary JavaScript
on the visitor’s browser, trick users into performing unwanted actions
and bypass access restrictions. A local attacker might be able to
execute arbitrary code with the privileges of the webserver.
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
https://phabricator.wikimedia.org/T125177
https://phabricator.wikimedia.org/T150044
https://phabricator.wikimedia.org/T109140
https://phabricator.wikimedia.org/T122209
https://phabricator.wikimedia.org/T144845
https://phabricator.wikimedia.org/T151735
https://phabricator.wikimedia.org/T161453
https://phabricator.wikimedia.org/T156184
https://phabricator.wikimedia.org/T108138
https://phabricator.wikimedia.org/T48143
https://phabricator.wikimedia.org/T158689
https://security.archlinux.org/CVE-2017-0361
https://security.archlinux.org/CVE-2017-0362
https://security.archlinux.org/CVE-2017-0363
https://security.archlinux.org/CVE-2017-0364
https://security.archlinux.org/CVE-2017-0365
https://security.archlinux.org/CVE-2017-0366
https://security.archlinux.org/CVE-2017-0367
https://security.archlinux.org/CVE-2017-0368
https://security.archlinux.org/CVE-2017-0369
https://security.archlinux.org/CVE-2017-0370
https://security.archlinux.org/CVE-2017-0372