Description

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.

Remediation

References

CVE-2017-0361

Related Vulnerabilities

Python Integer Overflow or Wraparound Vulnerability (CVE-2008-2315)

PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6043)

WordPress Plugin WP Responsive Testimonials Slider And Widget Cross-Site Scripting (1.5)

Apache HTTP Server Improper Handling of Case Sensitivity Vulnerability (CVE-2001-0766)

Oracle Database Server CVE-2014-6538 Vulnerability (CVE-2014-6538)

Severity

High

Classification

CVE-2017-0361 CWE-200 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities