CVE-2022-41767: Sensitive Information Exposure in MediaWiki

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.2% (top 52.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 26

Description

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (3 packages)

debian | debian/mediawiki | < mediawiki 1:1.35.8-1 (bookworm)
NVD | mediawiki/mediawiki | 1.36.0 1.37.5 +2
Debian | mediawiki/mediawiki | < 1:1.35.8-1~deb11u1 +3

🔴 Vulnerability Details (2)

OSV: CVE-2022-41767: An issue was discovered in MediaWiki before 1 (2022-12-26)
GHSA: GHSA-4jqr-r4vf-pqw6: An issue was discovered in MediaWiki before 1 (2022-12-26)

📋 Vendor Advisories (2)

Red Hat: mediawiki: reassignEdits doesn't update results in an IP range check on Special:Contributions (2022-12-26)
Debian: CVE-2022-41767: mediawiki - An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.3... (2022)
CVE-2022-41767 — Sensitive Information Exposure | cvebase