CVE-2022-47927

Description

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data.

Related CPE's

amediawikimediawiki********

amediawikimediawiki********

amediawikimediawiki1.39.0rc0******

amediawikimediawiki1.39.0rc1******

amediawikimediawiki1.39.0-******

References

https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/

Mailing ListPatchRelease NotesVendor Advisory

https://phabricator.wikimedia.org/T322637

ExploitIssue TrackingPatchVendor Advisory

FEDORA-2023-30a7a812f0

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io