CVE-2017-0361 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Information disclosure
Description	MediaWiki before 1.29.2 may leak passwords in plaintext. API parameters may now be marked as "sensitive" to keep their values out of the logs.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-490	mediawiki	1.29.1-1	1.29.2-1	High	Fixed
AVG-236	mediawiki	1.28.0-1	1.28.1-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
15 Nov 2017	ASA-201711-20	AVG-490	mediawiki	High	multiple issues
07 Apr 2017	ASA-201704-3	AVG-236	mediawiki	High	multiple issues

References
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html https://phabricator.wikimedia.org/T125177 https://phabricator.wikimedia.org/T180488 https://github.com/wikimedia/mediawiki/commit/8b0220e81ba462d21d8e1facbe6aed047f7418a2 https://github.com/wikimedia/mediawiki/commit/59ce3456a8007d76875fe8fb21eff4a90b214034

References

https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
https://phabricator.wikimedia.org/T125177
https://phabricator.wikimedia.org/T180488
https://github.com/wikimedia/mediawiki/commit/8b0220e81ba462d21d8e1facbe6aed047f7418a2
https://github.com/wikimedia/mediawiki/commit/59ce3456a8007d76875fe8fb21eff4a90b214034

Notes
CVE-2017-0361 wasn't correctly fixed in all branches and previous security releases before 1.29.2.