CVE-2017-0369

MEDIUM

MediaWiki < 1.23.16 - Authenticated Page Undeletion via Protection Bypass

Title source: llm
STIX 2.1

Description

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.

References (3)

Core 3
Core References
Third Party Advisory x_refsource_confirm
https://security-tracker.debian.org/tracker/CVE-2017-0369
Issue Tracking, Third Party Advisory x_refsource_confirm
https://phabricator.wikimedia.org/T108138

Scores

CVSS v3 6.5
EPSS 0.0014
EPSS Percentile 33.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-276
Status published
Products (2)
debian/debian_linux 7.0
mediawiki/mediawiki 1.23.0 - 1.23.16
Published Apr 13, 2018
Tracked Since Feb 18, 2026