Description

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.

Remediation

References

CVE-2017-0361

Related Vulnerabilities

WildFly Application Server Uncontrolled Resource Consumption Vulnerability (CVE-2016-9589)

Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-48706)

WordPress Plugin Appointment Booking Calendar Cross-Site Scripting (1.3.18)

WordPress Plugin Users Ultra SQL Injection (1.5.15)

MediaWiki Improper Handling of Exceptional Conditions Vulnerability (CVE-2020-25869)

Severity

High

Classification

CVE-2017-0361 CWE-200 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities