PRIOn knowledge basePRION:CVE-2022-47927

HistoryJan 12, 2023 - 6:15 a.m.

Code injection

2023-01-1206:15:00

PRIOn knowledge base

www.prio-n.com

mediawiki

installation

weak permissions

sqlite

file mode vulnerability

credentials data

nvd

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data.

CPENameOperatorVersion
fedoraeq37
mediawikilt1.35.9
mediawikige1.36.0
mediawikilt1.38.5
mediawikieq1.39.0 rc0
mediawikieq1.39.0 rc1
mediawikieq1.39.0

Name	Operator	Version
fedora	eq	37
mediawiki	lt	1.35.9
mediawiki	ge	1.36.0
mediawiki	lt	1.38.5
mediawiki	eq	1.39.0 rc0
mediawiki	eq	1.39.0 rc1
mediawiki	eq	1.39.0

References

lists.debian.org/debian-lts-announce/2023/07/msg00011.html

lists.fedoraproject.org/archives/list/[email protected]/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/

lists.wikimedia.org/hyperkitty/list/[email protected]/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/

phabricator.wikimedia.org/T322637

security.gentoo.org/glsa/202305-24