CVE-2022-41767
CVE-2022-41767 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup. EPSS estimates a 0.64% chance of exploitation in the next 30 days.
Description
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Mediawiki | < 1.35.8 |
| Mediawiki | Mediawiki | >= 1.36.0, < 1.37.5 |
| Mediawiki | Mediawiki | >= 1.38.0, < 1.38.3 |
References
- https://phabricator.wikimedia.org/T316304 (Issue Tracking, Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
