vulnerability

FreeBSD: VID-67057B48-41F4-11ED-86C3-080027881239 (CVE-2022-41766): mediawiki -- multiple vulnerabilities

Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Sep 29, 2022
Added
Nov 4, 2022
Modified
Jan 28, 2025

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-67057B48-41F4-11ED-86C3-080027881239:




Mediawiki reports:



(T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results


in an IP range check on Special:Contributions..


(T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence


of hidden users.


(T307278, CVE-2022-41766) SECURITY: On action=rollback the message


"alreadyrolled" can leak revision deleted user name.




Solution(s)

freebsd-upgrade-package-mediawiki135freebsd-upgrade-package-mediawiki137freebsd-upgrade-package-mediawiki138
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.