BIT-mediawiki-2022-39193

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/mediawiki/BIT-mediawiki-2022-39193.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-mediawiki-2022-39193

Aliases

CVE-2022-39193

Published

2024-03-06T11:04:25.976Z

Modified

2025-04-03T14:40:37.652Z

Summary

[none]

Details

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights.

Database specific

{
    "cpes": [
        "cpe:2.3:a:mediawiki:mediawiki:1.39.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc0:*:*:*:*:*:*",
        "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:mediawiki:mediawiki:1.39.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / mediawiki

Package

Name: mediawiki
Purl: pkg:bitnami/mediawiki

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

1.39.0-rc0

Fixed

1.39.0

Introduced

1.39.0-rc1

Fixed

1.39.0

Introduced

1.39.0

Fixed

1.39.1

Introduced

1.39.1

Fixed

1.39.2