CVE-2022-28206

EUVD-2022-32660
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
mediawikimediawiki
𝑥
≤ 1.37.1
𝑥
= Vulnerable software versions
References
https://gerrit.wikimedia.org/r/q/I84be9cd3639b8ab0e037a4ec2d3f2f478f0989c5
https://phabricator.wikimedia.org/T294256
https://security.gentoo.org/glsa/202305-24
https://gerrit.wikimedia.org/r/q/I84be9cd3639b8ab0e037a4ec2d3f2f478f0989c5
https://phabricator.wikimedia.org/T294256
https://security.gentoo.org/glsa/202305-24