CVE-2022-39193

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
mediawikimediawiki
1.39.0
mediawikimediawiki
1.39.0:rc0
mediawikimediawiki
1.39.0:rc1
mediawikimediawiki
1.39.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://phabricator.wikimedia.org/T311337
https://phabricator.wikimedia.org/T311337