vulnerability
FreeBSD: VID-67057B48-41F4-11ED-86C3-080027881239 (CVE-2022-41766): mediawiki -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Sep 29, 2022 | Nov 4, 2022 | Jan 28, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Sep 29, 2022
Added
Nov 4, 2022
Modified
Jan 28, 2025
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-67057B48-41F4-11ED-86C3-080027881239:
Mediawiki reports:
(T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
in an IP range check on Special:Contributions..
(T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
of hidden users.
(T307278, CVE-2022-41766) SECURITY: On action=rollback the message
"alreadyrolled" can leak revision deleted user name.
Solution(s)
freebsd-upgrade-package-mediawiki135freebsd-upgrade-package-mediawiki137freebsd-upgrade-package-mediawiki138
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.