Published: 12/01/2023 Updated: 07/11/2023

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 0

An issue exists in MediaWiki prior to 1.35.9, 1.36.x up to and including 1.38.x prior to 1.38.5, and 1.39.x prior to 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mediawiki mediawiki
mediawiki mediawiki 1.39.0
fedoraproject fedora 37

DescriptionThe MITRE CVE dictionary describes this issue as: An issue was discovered in MediaWiki before 1359, 136x through 138x before 1385, and 139x before 1391 When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, ie, world readable to local users These fil ...

CWE-732 https://phabricator.wikimedia.org/T322637 https://security.gentoo.org/glsa/202305-24 https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2022-47927

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-47927

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect