Lucene search

K
nessusTenable700053.PRM
HistoryApr 10, 2017 - 12:00 a.m.

MediaWiki 1.23.x < 1.23.16 / 1.27.x < 1.27.2 / 1.28.x < 1.28.1 Multiple Vulnerabilities

2017-04-1000:00:00
Tenable
www.tenable.com
24

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.835

Percentile

98.5%

The version of MediaWiki installed is 1.23.x prior to 1.23.16, 1.27.x prior to 1.27.2, or 1.28.x prior to 1.28.1, and is affected by multiple vulnerabilities :

  • A flaw exists that is due to the program storing sensitive parameter information in ‘api.log’ in plaintext. This may allow a local attacker to gain access to password information. (CVE-2017-0361)
  • A flaw exists as HTTP requests to ‘includes/specials/SpecialWatchlist.php’ do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF/XSRF) attack causing the victim to mark all pages as visited in a watchlist. (CVE-2017-0362)
  • A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the ‘highlightText()’ function in ‘includes/search/SearchHighlighter.php’ does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that will execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. (CVE-2017-0365)
  • A flaw exists that allows a stored XSS attack. This flaw exists because the program does not validate input when handling uploaded SVG files before returning it to users. This may allow a remote attacker to create a specially crafted request that will execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. (CVE-2017-0366)
  • A flaw exists in the ‘includes/cache/localisation/LocalisationCache.php’ script that is triggered as the ‘LocalisationCache’ will fall back to the insecure temporary directory when determining the location to write the cache, potentially disclosing sensitive information to a local attacker. (CVE-2017-0367)
  • A flaw exists in the ‘includes/EditPage.php’ script that is triggered as input passed via the message parser is not properly sanitized when using the rawHTML mode. This may allow a remote attacker to potentially inject arbitrary HTML content. (CVE-2017-0368)
  • A flaw exists that may allow an authenticated remote attacker to potentially undelete a page without the appropriate authorizations. (CVE-2017-0369)
  • A flaw exists in the ‘includes/parser/Parser.php’ script that is triggered as the spam blacklist features does not properly function on encoded URLs in the file inclusion syntax’s link parameter. This may allow a remote attacker to bypass blacklist protection mechanisms. (CVE-2017-0370)
  • A flaw exists that allows a stored XSS attack. This flaw exists because the ‘SyntaxHighlight_GeSHi.class.php’ script does not validate input to the ‘start’ parameter before returning it to users. This may allow a remote attacker to create a specially crafted request that will execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. (CVE-2017-0372)
Binary data 700053.prm
VendorProductVersionCPE
mediawikimediawikicpe:/a:mediawiki:mediawiki

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.835

Percentile

98.5%