Description

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with checkuser access.

Remediation

References

CVE-2022-39193

Related Vulnerabilities

MySQL CVE-2022-21451 Vulnerability (CVE-2022-21451)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9449)

IBM RTC Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-7440)

WordPress Plugin Maintenance Mode Unspecified Vulnerability (1.3.3)

Microsoft SQL Server Other Vulnerability (CVE-2000-0485)

Severity

Medium

Classification

CVE-2022-39193 CWE-668 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities