CVE-2017-0367 in MediaWiki

Summary

by MITRE

MediaWiki before 1.28.1 / 1.27.2 contains an unsafe use of a temporary directory, where having the LocalisationCache directory default to the system tmp directory is insecure.

Analysis

by VulDB Data Team • 02/27/2023

CVE-2017-0367 affects MediaWiki versions prior to 1.28.1 and 1.27.2. It is an insecure temporary directory usage flaw: in the default configuration the LocalisationCache directory is set to the system's temporary directory, which creates an insecure operational environment that malicious actors can exploit. The vulnerability represents a critical weakness in the application's file handling mechanisms and system security posture.

The technical flaw lies in the improper handling of temporary files and cache directories within MediaWiki's localization functionality. When the LocalisationCache directory defaults to the system tmp directory, temporary files containing localized content and cache data are stored in locations that may be accessible to unauthorized users or processes. This insecure default configuration allows for potential information disclosure, privilege escalation, or arbitrary code execution, depending on the system's security controls and the attacker's access level. The vulnerability falls under CWE-377, which specifically addresses insecure temporary files and directories, making it particularly concerning for web applications that handle sensitive data.

The operational impact of this vulnerability extends beyond simple data exposure, as it can enable attackers to manipulate cached localization data, potentially leading to cross-site scripting attacks or injection of malicious content into web pages. The insecure use of system temporary directories adds attack surface: an attacker with access to the system could read or modify temporary files, leading to information leakage or service disruption. In environments where MediaWiki serves as a content management platform for organizations, this vulnerability could compromise the integrity of localized content and potentially provide attackers with footholds for further exploitation. The risk is amplified when the system's temporary directory is not properly secured or when multiple applications share the same temporary space.

Mitigating CVE-2017-0367 requires immediate configuration changes that explicitly set the LocalisationCache directory to a secure, application-specific location outside of the system temporary directory. Organizations should implement proper file permissions and access controls on the designated cache directory, ensuring that only the web server process can read and write to these locations. The recommended approach involves modifying the MediaWiki configuration to specify a dedicated cache directory with restricted permissions, typically using absolute paths that are not shared with other system components. System administrators should also consider monitoring these directories for unauthorized access attempts and regularly auditing file access patterns to detect potential exploitation attempts. This vulnerability aligns with ATT&CK technique T1059, which involves executing malicious code through compromised applications, and T1078, which covers the use of legitimate credentials for persistence. The fix requires updating to MediaWiki versions 1.28.1 or 1.27.2, where the default behavior has been corrected to prevent the insecure use of system temporary directories for localization cache storage.
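
The directory checks described in the mitigation above, as an added POSIX shell example that is not part of the VulDB entry or of MediaWiki itself. The names `audit_cache_dir` and `SHARED_TMP_ROOTS` are hypothetical, and the list of shared temp roots is an assumption to adjust per host.

```shell
#!/bin/sh
# Added example: audit a MediaWiki localisation cache directory.
# SHARED_TMP_ROOTS is an assumption of this sketch: a space-separated list
# of directories treated as shared temporary space on this host.
SHARED_TMP_ROOTS="${SHARED_TMP_ROOTS:-/tmp /var/tmp}"

# audit_cache_dir DIR: print findings; return their count (0 = none).
audit_cache_dir() {
    dir=$1
    findings=0
    if [ -L "$dir" ]; then
        echo "FAIL: $dir is a symlink"
        findings=$((findings + 1))
    fi
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return $((findings + 1))
    fi
    # Resolve to a physical path so temp space reached via a link is caught.
    real=$(CDPATH= cd -- "$dir" && pwd -P) || return $((findings + 1))
    for root in $SHARED_TMP_ROOTS; do
        [ -d "$root" ] || continue
        rroot=$(CDPATH= cd -- "$root" && pwd -P) || continue
        case "$real/" in
            "$rroot"/*)
                echo "FAIL: $real is inside shared temp directory $rroot"
                findings=$((findings + 1))
                break ;;
        esac
    done
    # ls -ld mode string, e.g. drwx------: column 6 is group write,
    # columns 8-10 are the permissions of all other users.
    mode=$(ls -ld "$real" | cut -c1-10)
    if [ "$(echo "$mode" | cut -c8-10)" != "---" ]; then
        echo "FAIL: mode $mode grants access to other users"
        findings=$((findings + 1))
    fi
    if [ "$(echo "$mode" | cut -c6)" = "w" ]; then
        echo "FAIL: mode $mode is group-writable"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Audit the directory named on the command line, if one was given.
if [ "$#" -gt 0 ]; then audit_cache_dir "$1"; fi
```

Run it against the path configured as the cache directory in LocalSettings.php (MediaWiki's `$wgCacheDirectory` setting); the exit status is the number of findings.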

Reservation

11/29/2016

Disclosure

04/13/2018

Moderation

accepted

CPE

ready

EPSS

0.00516

KEV

no

Activities

very low
