CVE-2022-39193

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-39193

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39193.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-39193

Aliases

BIT-mediawiki-2022-39193

Published

2023-01-20T19:15:15Z

Modified

2025-04-03T22:12:53.282127Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights.

References

https://phabricator.wikimedia.org/T311337

Affected packages

Git / github.com/wikimedia/mediawiki

Affected ranges

Type: GIT
Repo: https://github.com/wikimedia/mediawiki
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

5a344597a79683cecfbe958ef8c61020a0aac781

Last affected

c95fc4786beba034fa643062b98a60ccbde831fd

Affected versions

1.*

1.1.0

1.3.0beta1

1.39.0

1.39.0-rc.0

1.39.0-rc.1

1.39.1

1.5.0alpha1

1.5.0alpha2

1.5.0beta1

1.5.0beta2

1.5.0beta3

1.5.0beta4

1.6.0