6.5
CVE-2017-0369
- EPSS 1.21%
- Veröffentlicht 13.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:02:50
- Quelle security@debian.org
- CVE-Watchlists
- Unerledigt
Sysops can undelete pages, although the page is protected against it
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.21% | 0.643 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
https://phabricator.wikimedia.org/T108138
https://security-tracker.debian.org/tracker/CVE-2017-0369