---

CVE-2017-0361 - log back

CVE-2017-0361 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Local
Type	+ Information disclosure
Description	+ MediaWiki before 1.29.2 may leak passwords in plaintext. API parameters may now be marked as "sensitive" to keep their values out of the logs.
References	+ https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html + https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html + https://phabricator.wikimedia.org/T125177 + https://phabricator.wikimedia.org/T180488 + https://github.com/wikimedia/mediawiki/commit/8b0220e81ba462d21d8e1facbe6aed047f7418a2 + https://github.com/wikimedia/mediawiki/commit/59ce3456a8007d76875fe8fb21eff4a90b214034
Notes	+ CVE-2017-0361 wasn't correctly fixed in all branches and previous security releases before 1.29.2.