Description

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.

Remediation

References

CVE-2022-28201

Related Vulnerabilities

MediaWiki Other Vulnerability (CVE-2006-0322)

WordPress Plugin User Role Editor Cross-Site Request Forgery (3.12)

ownCloud Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-31649)

WordPress Plugin Tutor LMS Elementor Addons Cross-Site Scripting (2.1.3)

OpenSSL Observable Discrepancy Vulnerability (CVE-2022-4304)

Severity

Medium

Classification

CVE-2022-28201 CWE-674 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities