Published: 26/12/2022 Updated: 21/05/2023

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 0

An issue exists in MediaWiki prior to 1.35.8, 1.36.x and 1.37.x prior to 1.37.5, and 1.38.x prior to 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mediawiki mediawiki

Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in restriction bypass, information leaks, cross-site scripting or denial of service For the stable distribution (bullseye), these problems have been fixed in version 1:1358-1~deb11u1 We recommend that you upgrade your mediawiki pac ...

DescriptionThe MITRE CVE dictionary describes this issue as: An issue was discovered in MediaWiki before 1358, 136x and 137x before 1375, and 138x before 1383 When changes made by an IP address are reassigned to a user (using reassignEditsphp), the changes will still be attributed to the IP address on Special:Contributions when doing ...

Severity Unknown Remote Unknown Type Unknown Description AVG-2823 mediawiki 1382-1 1383-1 Unknown Fixed phabricatorwikimediaorg/T316304 gerritwikimediaorg/r/c/mediawiki/core/+/836891 ...

NVD-CWE-noinfo https://phabricator.wikimedia.org/T316304 https://security.gentoo.org/glsa/202305-24 https://nvd.nist.gov https://www.debian.org/security/2022/dsa-5246

CVE-2022-41767

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect