Vulnerability Details CVE-2017-0367
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.2%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
- https://phabricator.wikimedia.org/T161453
- https://security-tracker.debian.org/tracker/CVE-2017-0367
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
- https://phabricator.wikimedia.org/T161453
- https://security-tracker.debian.org/tracker/CVE-2017-0367
Products affected by CVE-2017-0367
-
cpe:2.3:a:mediawiki:mediawiki:1.27.0
-
cpe:2.3:a:mediawiki:mediawiki:1.27.1
-
cpe:2.3:a:mediawiki:mediawiki:1.28.0
-
cpe:2.3:o:debian:debian_linux:7.0