Description

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with checkuser access.

Remediation

References

CVE-2022-39193

Related Vulnerabilities

Jenkins CVE-2013-0329 Vulnerability (CVE-2013-0329)

WordPress Plugin WP Comment Remix SQL Injection and HTML Injection Vulnerabilities (1.4.3)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-19212)

Drupal Core 8.x Multiple Security Bypass Vulnerabilities (8.0.0 - 8.3.6)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-2060)

Severity

Medium

Classification

CVE-2022-39193 CWE-668 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities