Lucene search

[email protected]NVD:CVE-2022-28201

HistorySep 19, 2022 - 9:15 p.m.

CVE-2022-28201

2022-09-1921:15:09

CWE-674

[email protected]

web.nvd.nist.gov

mediawiki

infinite recursion

editinterface

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

25.5%

JSON

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.

Affected configurations

NVD

Node

mediawikimediawikiRange<1.35.6

mediawikimediawikiRange1.36.0–1.36.4

mediawikimediawikiRange1.37.0–1.37.2

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

References

blog.legoktm.com/2022/07/03/a-belated-writeup-of-cve-2022-28201-in-mediawiki.html

lists.debian.org/debian-lts-announce/2022/09/msg00027.html

phabricator.wikimedia.org/T297571

www.debian.org/security/2022/dsa-5246

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

25.5%

JSON

Related for NVD:CVE-2022-28201

cvelist1 osv4 ubuntucve1 veracode1 cve1 prion1 debiancve1 openvas5 freebsd1 mageia1 nessus3 debian2