CVE-2017-0371
Last modified
CVE-2017-0371 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute.. EPSS estimates a 1.54% chance of exploitation in the next 30 days.
Description
MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Mediawiki | < 1.23.16 |
| Mediawiki | Mediawiki | >= 1.24.0, < 1.27.2 |
| Mediawiki | Mediawiki | >= 1.28.0, < 1.28.1 |
References
- https://phabricator.wikimedia.org/T140591Issue Tracking, Patch, Vendor Advisory
- https://phabricator.wikimedia.org/T68404Exploit, Issue Tracking, Patch, Vendor Advisory
- https://phabricator.wikimedia.org/T140591Issue Tracking, Patch, Vendor Advisory
- https://phabricator.wikimedia.org/T68404Exploit, Issue Tracking, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-0371?
How severe is CVE-2017-0371?
How do I fix CVE-2017-0371?
Are you affected by CVE-2017-0371?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST