CVE-2017-0361

HIGH

MediaWiki < 1.23.16 - Exposure of Sensitive Information via API Log

Title source: llm
STIX 2.1

Description

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.

References (4)

Core 4
Core References
Third Party Advisory x_refsource_confirm
https://security-tracker.debian.org/tracker/CVE-2017-0361
Issue Tracking, Third Party Advisory x_refsource_confirm
https://phabricator.wikimedia.org/T125177
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039812

Scores

CVSS v3 7.8
EPSS 0.0008
EPSS Percentile 23.2%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-200
Status published
Products (2)
debian/debian_linux 7.0
mediawiki/mediawiki 1.23.0 - 1.23.16
Published Apr 13, 2018
Tracked Since Feb 18, 2026