CVE-2017-0361 - log back

CVE-2017-0361 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Information disclosure
Description
+ MediaWiki before 1.29.2 may leak passwords in plaintext. API parameters may now be marked as "sensitive" to keep their values out of the logs.
References
+ https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
+ https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
+ https://phabricator.wikimedia.org/T125177
+ https://phabricator.wikimedia.org/T180488
+ https://github.com/wikimedia/mediawiki/commit/8b0220e81ba462d21d8e1facbe6aed047f7418a2
+ https://github.com/wikimedia/mediawiki/commit/59ce3456a8007d76875fe8fb21eff4a90b214034
Notes
+ CVE-2017-0361 wasn't correctly fixed in all branches and previous security releases before 1.29.2.