An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights.
References
Link | Resource |
---|---|
https://phabricator.wikimedia.org/T311337 | Exploit Issue Tracking Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-200 |
29 Mar 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights. |
02 Feb 2023, 16:55
Type | Values Removed | Values Added |
---|---|---|
First Time |
Mediawiki
Mediawiki mediawiki |
|
CWE | CWE-668 | |
CPE | cpe:2.3:a:mediawiki:mediawiki:1.39.1:*:*:*:*:*:*:* cpe:2.3:a:mediawiki:mediawiki:1.39.0:-:*:*:*:*:*:* cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc0:*:*:*:*:*:* cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc1:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | (MISC) https://phabricator.wikimedia.org/T311337 - Exploit, Issue Tracking, Patch, Third Party Advisory |
20 Jan 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-20 19:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-39193
Mitre link : CVE-2022-39193
CVE.ORG link : CVE-2022-39193
JSON object : View
Products Affected
mediawiki
- mediawiki
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor