BIT-mediawiki-2022-39193

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/mediawiki/BIT-mediawiki-2022-39193.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-mediawiki-2022-39193
Aliases
Published
2024-03-06T11:04:25.976Z
Modified
2025-04-03T14:40:37.652Z
Summary
[none]
Details

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights.

Database specific
{
    "cpes": [
        "cpe:2.3:a:mediawiki:mediawiki:1.39.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc0:*:*:*:*:*:*",
        "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:mediawiki:mediawiki:1.39.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / mediawiki

Package

Name
mediawiki
Purl
pkg:bitnami/mediawiki

Severity

  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
1.39.0-rc0
Fixed
1.39.0
Introduced
1.39.0-rc1
Fixed
1.39.0
Introduced
1.39.0
Fixed
1.39.1
Introduced
1.39.1
Fixed
1.39.2