CVE-2017-0363: Special:UserLogin?returnto=interwiki:foo will redirect to external sites
First published: Fri Apr 13 2018(Updated: )
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.
Credit: security@debian.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/mediawiki | 1:1.35.13-1+deb11u2 1:1.39.7-1~deb12u1 1:1.39.8-1 | |
| MediaWiki | >=1.23.0<=1.23.16 | |
| MediaWiki | >=1.27.0<1.27.2 | |
| MediaWiki | >=1.28.0<1.28.1 | |
| Debian Linux | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-0363?
CVE-2017-0363 is considered a medium risk vulnerability due to its potential for redirects to external sites.
How do I fix CVE-2017-0363?
To fix CVE-2017-0363, upgrade MediaWiki to version 1.28.1 or later, or version 1.27.2 or later.
What versions of MediaWiki are affected by CVE-2017-0363?
CVE-2017-0363 affects MediaWiki versions before 1.28.1, 1.27.2, and 1.23.16.
Can CVE-2017-0363 lead to security issues?
Yes, CVE-2017-0363 can lead to phishing attacks through unintended redirection to external websites.
Is there a known exploit for CVE-2017-0363?
While no specific exploit has been publicly documented for CVE-2017-0363, the flaw creates a risk for potential exploitation.
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/title
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/debian
- vendor/mediawiki
- canonical/mediawiki
- version/mediawiki/1.23.0
- version/mediawiki/1.23.16
- version/mediawiki/1.27.0
- version/mediawiki/1.28.0
- vendor/debian
- canonical/debian linux
- version/debian linux/7.0