Exposure of Resource to Wrong Sphere in MediaWiki

#VU31325 Exposure of Resource to Wrong Sphere in MediaWiki

Published: 2018-04-13 | Updated: 2020-07-17

Vulnerability identifier: #VU31325

Vulnerability risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0367

CWE-ID: N/A

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
MediaWiki
Web applications / CMS

Vendor: MediaWiki.org

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.

Mitigation
Install update from vendor's website.

Vulnerable software versions

MediaWiki: 1.28.0

External links
http://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
http://phabricator.wikimedia.org/T161453
http://security-tracker.debian.org/tracker/CVE-2017-0367

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in MediaWiki MediaWiki

Arch Linux update for mediawiki