CVE-2017-0367

HIGH

Mediawiki < 1.27.2 - Exposure to Wrong Actor

Title source: rule

Description

Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.

References (3)

[Vendor Advisory] https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html

[Issue Tracking, Third Party Advisory] https://phabricator.wikimedia.org/T161453

[Third Party Advisory] https://security-tracker.debian.org/tracker/CVE-2017-0367

Scores

CVSS v3 8.8

EPSS 0.0052

EPSS Percentile 66.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-668

Status published

Affected Products (2)

mediawiki/mediawiki < 1.27.2

debian/debian_linux

Timeline

Published Apr 13, 2018

Tracked Since Feb 18, 2026