AVG-236

Package mediawiki
Status Fixed
Severity High
Type multiple issues
Affected 1.28.0-1
Fixed 1.28.1-1
Current 1.31.0-1 [community]
Ticket None
Created Fri Apr 7 09:47:44 2017
Issue Severity Remote Type Description
CVE-2017-0370 Medium Yes Insufficient validation
The spam blacklist in MediaWiki before 1.28.1 could be bypassed by encoding URLs inside a file inclusion syntax's link parameter.
CVE-2017-0369 Low Yes Access restriction bypass
In MediaWiki < 1.28.1, a normal sysop who does not have the necessary rights to override a page protection can still recreate it by restoring a former...
CVE-2017-0368 Low Yes Cross-site scripting
MediaWiki < 1.28.1 did not properly mark system messages as raw HTML and therefore did not escape them properly.
CVE-2017-0367 High No Arbitrary code execution
MediaWiki before 1.28.1 uses the default system temporary directory for the LocalisationCache directory, allowing a local attacker to execute arbitrary code...
CVE-2017-0366 High Yes Cross-site scripting
MediaWiki < 1.28.1 did not properly filter the DTD declaration when a SVG file was uploaded, leading to a persistent XSS.
CVE-2017-0365 Medium Yes Cross-site scripting
SearchHighlighter::removeWiki() uses a regex to remove HTML from snippets. The regex /<\/?[^>]+>/ assumes that the HTML is well-formed. As a result when using...
CVE-2017-0364 Medium Yes Open redirect
The Special:Search page in MediaWiki < 1.28.1 has an open redirect issue.
CVE-2017-0363 Medium Yes Open redirect
The Special:UserLogin page in MediaWiki < 1.28.1 has an open redirect issue.
CVE-2017-0362 Medium Yes Cross-site request forgery
MediaWiki before 1.28.1 did not require a CSRF token for the "Mark all pages visited" action on the watchlist.
CVE-2017-0361 High No Information disclosure
MediaWiki before 1.29.2 may leak passwords in plaintext. API parameters may now be marked as "sensitive" to keep their values out of the logs.
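The CVE-2017-0365 entry quotes the tag-stripping regex but the description is cut off. The following added example (written for this page, not MediaWiki code) reproduces the failure mode: the regex only matches a tag that reaches a closing '>', so when the snippet window cuts a well-formed tag short, the unclosed fragment survives stripping and is later terminated by the next '>' in the surrounding results page. The "hardened" variant is an assumption for illustration, not the project's actual patch: it strips complete tags and then HTML-escapes whatever is left. PAGE_TEXT is constructed sample input.

```python
import html
import re

# The tag-stripping regex quoted in the advisory for SearchHighlighter::removeWiki().
# It only matches a *complete* tag, i.e. one that reaches a closing '>'.
ORIGINAL_TAG_RE = re.compile(r"</?[^>]+>")

# Constructed page text (not from the advisory): a well-formed tag with an
# event-handler attribute.
PAGE_TEXT = "Search me <b onmouseover=alert(1)>here</b>"


def remove_wiki_original(snippet: str) -> str:
    """Strip tags the way the advisory describes: assumes every tag is closed."""
    return ORIGINAL_TAG_RE.sub("", snippet)


def remove_wiki_hardened(snippet: str) -> str:
    """Hardened variant (an assumption for this example, not MediaWiki's fix):
    strip complete tags, then HTML-escape whatever survives, so a tag fragment
    left over from truncation is rendered as text instead of markup."""
    return html.escape(ORIGINAL_TAG_RE.sub("", snippet), quote=True)


def truncate(text: str, max_len: int) -> str:
    """Crude snippet window: cutting page text at a character budget is what
    turns a well-formed tag into an unclosed fragment."""
    return text[:max_len]


def leaves_live_markup(snippet: str) -> bool:
    """True if a raw '<' survives: once echoed into the results page, the
    browser closes that fragment with the next '>' it finds in the page."""
    return "<" in snippet


def compare(page_text: str, max_len: int) -> dict:
    """Run both strippers over the same snippet window and return the results."""
    fragment = truncate(page_text, max_len)
    return {
        "fragment": fragment,
        "original": remove_wiki_original(fragment),
        "hardened": remove_wiki_hardened(fragment),
    }


if __name__ == "__main__":
    # Whole text: both strippers produce "Search me here".
    print(compare(PAGE_TEXT, len(PAGE_TEXT)))
    # Window cut just before the '>' of the <b ...> tag: only the hardened
    # version neutralises the fragment.
    print(compare(PAGE_TEXT, 33))
```

Escaping must happen before any highlight markup (such as the span around matched terms) is added to the snippet, otherwise the escape step would destroy the intended markup as well.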
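For CVE-2017-0366 (DTD declaration in uploaded SVG), the following added example is an independent check written for this page, not MediaWiki's upload filter. It uses Python's expat bindings to report DTD constructs that can smuggle markup into an SVG: an internal subset and any entity declaration. It also records which element names the parser actually sees, which shows a script element appearing that is nowhere in the file's literal text. The three SVG byte strings are constructed samples; the "editor-generated" DOCTYPE with only an external DTD reference is accepted here, which is an assumption about policy rather than the project's rule.

```python
import xml.parsers.expat

# Constructed sample uploads (not files from the advisory).
CLEAN_SVG = (
    b'<?xml version="1.0"?>'
    b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>'
)
# Common editor-generated DOCTYPE: external DTD reference, no internal subset.
PUBLIC_DTD_SVG = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" '
    b'"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">'
    b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>'
)
# Internal subset declaring an entity whose replacement text is a <script>
# element; the literal file never contains the string "<script".
ENTITY_SVG = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE svg [<!ENTITY xss "&#60;script&#62;alert(1)&#60;/script&#62;">]>'
    b'<svg xmlns="http://www.w3.org/2000/svg"><text>&xss;</text></svg>'
)


def svg_dtd_report(data: bytes) -> dict:
    """Parse an SVG upload and return {"violations": [...], "elements": [...]}.
    An empty violations list means no DTD construct that could inject markup."""
    violations = []
    elements = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # An internal subset can declare entities; an external reference alone
        # is not fetched by expat here (no ExternalEntityRefHandler is set).
        if has_internal_subset:
            violations.append("DOCTYPE %s carries an internal subset" % name)

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Any entity declaration is grounds for rejection: its replacement
        # text is parsed as content wherever the entity is referenced.
        violations.append("entity declaration for '%s'" % name)

    def on_start_element(name, attrs):
        elements.append(name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start_element
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        # Unparseable input is rejected too; browsers are more forgiving than
        # this parser and may still render it.
        violations.append("malformed XML: %s" % exc)
    return {"violations": violations, "elements": elements}


def is_svg_dtd_safe(data: bytes) -> bool:
    return not svg_dtd_report(data)["violations"]


if __name__ == "__main__":
    for label, svg in (("clean", CLEAN_SVG), ("public dtd", PUBLIC_DTD_SVG), ("entity", ENTITY_SVG)):
        print(label, svg_dtd_report(svg))
```

The element list for ENTITY_SVG contains "script" because the character references inside the entity literal are expanded when the entity is declared, and the replacement text is then parsed as markup at the point of reference. A filter that only looks for "<script" in the raw bytes misses this; a filter that rejects the DTD constructs does not.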
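CVE-2017-0367 is about placing the LocalisationCache directory in the shared system temporary directory, where any local user can pre-create or replace the files the application later loads. The following added example (generic hardening written for this page, not MediaWiki's fix) shows the checks a cache directory should pass before it is trusted: it is a real directory rather than a symlink, it is owned by the current user, and nobody else can write to it. The demo() scenario with a private directory, a 1777 "shared" directory and a planted symlink is constructed under a fresh temporary tree.

```python
import os
import stat
import tempfile


class UnsafeCacheDir(Exception):
    pass


def ensure_private_cache_dir(path: str) -> str:
    """Create `path` (mode 0700) if it does not exist, then verify that it is a
    real directory owned by the current user and writable by nobody else.
    A shared system temp directory (typically mode 1777, owned by root) fails
    these checks, which is the point."""
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # pre-existing: inspect it below rather than trust it
    st = os.lstat(path)  # lstat: never follow a symlink another local user planted
    if stat.S_ISLNK(st.st_mode):
        raise UnsafeCacheDir("%s is a symlink" % path)
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeCacheDir("%s is not a directory" % path)
    if st.st_uid != os.geteuid():
        raise UnsafeCacheDir("%s is owned by uid %d, not uid %d" % (path, st.st_uid, os.geteuid()))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise UnsafeCacheDir("%s is writable by group/others (mode %o)" % (path, st.st_mode & 0o7777))
    return path


def is_safe_cache_dir(path: str) -> bool:
    try:
        ensure_private_cache_dir(path)
        return True
    except UnsafeCacheDir:
        return False


def demo() -> dict:
    """Constructed scenario under a fresh temp tree: a private cache dir, a
    world-writable directory standing in for /tmp, and a symlink planted at the
    path the application expects to use."""
    base = tempfile.mkdtemp()
    private = os.path.join(base, "l10n_cache")
    shared = os.path.join(base, "shared_tmp")
    link = os.path.join(base, "planted_link")
    results = {"private": is_safe_cache_dir(private)}  # creates it with 0700
    os.mkdir(shared)
    os.chmod(shared, 0o1777)  # sticky, world-writable: what a system /tmp looks like
    os.symlink(private, link)  # a symlink is refused even when it points somewhere safe
    results["shared"] = is_safe_cache_dir(shared)
    results["symlink"] = is_safe_cache_dir(link)
    return results


if __name__ == "__main__":
    print(demo())
```

The ownership and mode checks are what make a pre-existing directory acceptable; without them an attacker who creates the expected path first, with permissive modes, would win the race. Note that this check is POSIX-specific (it relies on os.geteuid and Unix mode bits).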
Date Advisory Package Description
07 Apr 2017 ASA-201704-3 mediawiki multiple issues
References
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html