Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-0369

Summary
Assigner-debian
Assigner Org ID-79363d38-fa19-49d1-9214-5f28da3f3ac5
Published At-13 Apr, 2018 | 16:00
Updated At-16 Sep, 2024 | 20:58
Rejected At-
Credits

Sysops can undelete pages, although the page is protected against it

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:debian
Assigner Org ID:79363d38-fa19-49d1-9214-5f28da3f3ac5
Published At:13 Apr, 2018 | 16:00
Updated At:16 Sep, 2024 | 20:58
Rejected At:
▼CVE Numbering Authority (CNA)
Sysops can undelete pages, although the page is protected against it

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.

Affected Products
Vendor
Wikimedia Foundationmediawiki
Product
mediawiki
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/Arestriction bypass
Type: text
CWE ID: N/A
Description: restriction bypass
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
mailing-list
x_refsource_MLIST
https://security-tracker.debian.org/tracker/CVE-2017-0369
x_refsource_CONFIRM
https://phabricator.wikimedia.org/T108138
x_refsource_CONFIRM
Hyperlink: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://security-tracker.debian.org/tracker/CVE-2017-0369
Resource:
x_refsource_CONFIRM
Hyperlink: https://phabricator.wikimedia.org/T108138
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
mailing-list
x_refsource_MLIST
x_transferred
https://security-tracker.debian.org/tracker/CVE-2017-0369
x_refsource_CONFIRM
x_transferred
https://phabricator.wikimedia.org/T108138
x_refsource_CONFIRM
x_transferred
Hyperlink: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://security-tracker.debian.org/tracker/CVE-2017-0369
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://phabricator.wikimedia.org/T108138
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@debian.org
Published At:13 Apr, 2018 | 16:29
Updated At:03 Oct, 2019 | 00:03

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.06.5MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
Type: Primary
Version: 3.0
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:N
CPE Matches
Wikimedia Foundation
mediawiki
>>mediawiki>>Versions from 1.23.0(inclusive) to 1.23.16(inclusive)
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>Versions from 1.27.0(inclusive) to 1.27.2(exclusive)
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>Versions from 1.28.0(inclusive) to 1.28.1(exclusive)
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-276Primarynvd@nist.gov
CWE ID: CWE-276
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.htmlsecurity@debian.org
Vendor Advisory
https://phabricator.wikimedia.org/T108138security@debian.org
Issue Tracking
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2017-0369security@debian.org
Third Party Advisory
Hyperlink: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
Source: security@debian.org
Resource:
Vendor Advisory
Hyperlink: https://phabricator.wikimedia.org/T108138
Source: security@debian.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://security-tracker.debian.org/tracker/CVE-2017-0369
Source: security@debian.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

110Records found
CVE-2020-2191
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.70%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 12:40
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels.

Action-Not Available
Vendor-Jenkins
Product-self-organizing_swarm_modulesJenkins Self-Organizing Swarm Plug-in Modules Plugin
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2018-9085
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-4.9||MEDIUM
EPSS-0.14% / 34.29%
||
7 Day CHG~0.00%
Published-16 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing System x Flash Memory Write Protection Lock Bit

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.

Action-Not Available
Vendor-IBM CorporationLenovo Group Limited
Product-system_x3530_m4_firmwarebladecenter_hs23e_firmwareflex_system_x880_x6_firmwaresystem_x3100_m5_firmwaresystem_x3630_m4_firmwareflex_system_x222_m4_firmwaresystem_x3630_m4flex_system_x220flex_system_x220_m4_firmwaresystem_x3850_x6_firmwareflex_system_x280_x6system_x3650_m4_firmwareidataplex_dx360_m4_firmwarebladecentersystem_x3650_m4_hd_firmwaresystem_x3300_m4system_x3100_m4_firmwaresystem_x3250_m5system_x3650_m4_hdsystem_x3250_m4flex_system_x240_m4_firmwaresystem_x3750_m4_firmwareidataplex_dx360_m4_water_cooled_firmwareflex_system_x880_x6system_x3550_m4system_x3850_x6system_x3650_m4_bd_firmwaresystem_x3950_x6system_x3650_m4_bdbladecenter_hs23_firmwaresystem_x3750_m4system_x3550_m4_firmwareflex_system_x480_x6_firmwareidataplex_dx360_m4_flex_system_x222_m4system_x3950_x6_firmwaresystem_x3250_m4_firmwareflex_system_x480_x6system_x3100_m5system_x3500_m4_firmwaresystem_x3300_m4_firmwaresystem_x3500_m4system_x3100_m4system_x3250_m5_firmwaresystem_x3530_m4flex_system_x440_m4system_x3650_m4flex_system_x240_m4flex_system_x280_x6_firmwareflex_system_x440_m4_firmwareSystem x UEFI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-11689
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.00% / 0.04%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-12101
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.34% / 56.35%
||
7 Day CHG~0.00%
Published-30 Apr, 2020 | 13:40
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating an id field in the POST request for altering an address.

Action-Not Available
Vendor-xt-commercen/a
Product-xt-commercen/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-13922
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.83% / 73.61%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 09:40
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache DolphinScheduler (incubating) Permission vulnerability

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.

Action-Not Available
Vendor-The Apache Software Foundation
Product-dolphinschedulerApache DolphinScheduler
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-264
Not Available
CVE-2020-15821
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.00% / 0.04%
||
7 Day CHG~0.00%
Published-08 Aug, 2020 | 20:15
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-11692
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.00% / 0.12%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-24343
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.00% / 0.03%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-26804
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 42.06%
||
7 Day CHG~0.00%
Published-04 May, 2021 | 16:49
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.

Action-Not Available
Vendor-n/aCENTREON
Product-centreon_webn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-4259
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.71%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 15:50
Updated-16 Sep, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_file_gatewaysolarislinux_kernelihp-uxwindowsaixSterling File Gateway
CWE ID-CWE-276
Incorrect Default Permissions
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found