SB2022040806 - Multiple vulnerabilities in MediaWiki


Published: April 8, 2022

Security Bulletin ID: SB2022040806
Severity: High
Patch available: Yes
Number of vulnerabilities: 13
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 23%, Medium: 54%, Low: 23%

Description

This security bulletin contains information about 13 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2022-28324)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the Echo extension does not set X-Forwarded-For for internal API requests, some of which get logged to CheckUser (CU).


2) Cross-site scripting (CVE-ID: CVE-2022-28326)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in GrowthExperiments. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


3) Information disclosure (CVE-ID: CVE-2022-28325)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the mobile version of Special:Contributions leaks the existence of globally suppressed users. A remote attacker can gain unauthorized access to sensitive information on the system.


4) Information disclosure (CVE-ID: CVE-2022-28323)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because SecurePoll leaks a voter's exact vote timestamp. A remote attacker can gain unauthorized access to sensitive information on the system.


5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-28206)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because FileImporter allows imports to cascade-protected files when the importer does not have administrator permissions.


6) Information disclosure (CVE-ID: CVE-2022-28207)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because Special:Impact leaks suppressed usernames. A remote attacker can gain unauthorized access to sensitive information on the system.


7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-28205)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because the CentralAuth extension mishandles a TTL issue for groups expiring in the future, which leads to a security restrictions bypass and privilege escalation.


8) Cross-site scripting (CVE-ID: CVE-2022-28208)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the WikibaseClient edit hook. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


9) Uncontrolled Recursion (CVE-ID: CVE-2021-28210)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to an unlimited recursion in DxeCore. A local user can execute arbitrary code on the target system.


10) Input validation error (CVE-ID: CVE-2022-28211)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists because TimedMediaHandler does not prevent blocked users from restarting transcodes.


11) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-28209)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to an incorrect check for the override-antispoof permission in the AntiSpoof extension, which leads to a security restrictions bypass and privilege escalation.


12) Information disclosure (CVE-ID: CVE-2022-28212)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because it is impossible to oversight (suppress) who has reviewed a revision via FlaggedRevs. A remote attacker can gain unauthorized access to sensitive information on the system.


13) Information disclosure (CVE-ID: CVE-2022-28322)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the global rename log shows the timestamp of a suppressed action. A remote attacker can gain unauthorized access to sensitive information on the system.


Remediation

Install the update from the vendor's website.