Description

Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.

Remediation

References

CVE-2017-0367

Related Vulnerabilities

WordPress Plugin Stetic Cross-Site Request Forgery (1.0.6)

Squid CVE-2018-1000024 Vulnerability (CVE-2018-1000024)

WordPress Plugin Chamber Dashboard Member Manager Cross-Site Scripting (2.0.5)

WordPress Plugin EZ Portfolio Multiple Cross-Site Scripting Vulnerabilities (1.0.1)

WordPress Plugin Contest Gallery-Photo Contest for WordPress Cross-Site Scripting (14.1.7)

Severity

High

Classification

CVE-2017-0367 CWE-668 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities