vulnerability

MediaWiki: Incorrect Permission Assignment for Critical Resource (CVE-2022-41766)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	May 29, 2023	Jun 7, 2023	Jan 28, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

May 29, 2023

Added

Jun 7, 2023

Modified

Jan 28, 2025

Description

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed).

Solution(s)

mediawiki-upgrade-1_35_8mediawiki-upgrade-1_37_5mediawiki-upgrade-1_38_3

References

CVE-2022-41766
https://attackerkb.com/topics/CVE-2022-41766
URL-https://phabricator.wikimedia.org/T307278

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today