Gentoo FoundationMGASA-2017-0110Updated mediawiki packages fix security vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
61.5%
API parameters may now be marked as “sensitive” to keep their values out of the logs (CVE-2017-0361). “Mark all pages visited” on the watchlist now requires a CSRF token (CVE-2017-0362). Special:UserLogin and Special:Search allow redirect to interwiki links (CVE-2017-0363, CVE-2017-0364). XSS in SearchHighlighter::highlightText() when $wgAdvancedSearchHighlighting is true (CVE-2017-0365). SVG filter evasion using default attribute values in DTD declaration (CVE-2017-0366). Escape content model/format url parameter in message (CVE-2017-0368). Sysops can undelete pages, although the page is protected against it (CVE-2017-0369). Spam blacklist ineffective on encoded URLs inside file inclusion syntax’s link parameter (CVE-2017-0370).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 5 | noarch | mediawiki | < 1.23.16-1 | mediawiki-1.23.16-1.mga5 |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
61.5%