Description

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with checkuser access.

Remediation

References

CVE-2022-39193

Related Vulnerabilities

Apache Tomcat Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-4444)

WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10101)

MySQL CVE-2016-0505 Vulnerability (CVE-2016-0505)

WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.5.18.727)

WordPress Plugin WP Instagram-Best Instagram Feeds Cross-Site Scripting (1.0.19)

Severity

Medium

Classification

CVE-2022-39193 CWE-668 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities