First published: Thu Jan 12 2023
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data.
Credit: cve@mitre.org
Affected Software | Affected Version |
---|---|
MediaWiki MediaWiki | <1.35.9 |
MediaWiki MediaWiki | >=1.36.0, <1.38.5 |
MediaWiki MediaWiki | =1.39.0 |
MediaWiki MediaWiki | =1.39.0-rc0 |
MediaWiki MediaWiki | =1.39.0-rc1 |
Fedoraproject Fedora | =37 |
CVE-2022-47927 is a vulnerability discovered in MediaWiki before versions 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1.
The severity of CVE-2022-47927 is rated as medium with a severity score of 5.5.
CVE-2022-47927 affects MediaWiki installations before versions 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1.
To fix the vulnerability in MediaWiki, update to version 1.35.9, 1.38.5, or 1.39.1 depending on your installed version.
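A local check for the condition this advisory describes, as an added example that is not from MediaWiki or the original page: it flags a data directory that other local users can enter and any SQLite file under it that they can read. The function name, the output labels and the `*.sqlite` file pattern are assumptions.

```shell
#!/bin/sh
# Added example: report-only audit of a MediaWiki SQLite data directory.
# Assumptions: the caller supplies the data directory path, and the
# database files use the .sqlite extension.

# audit_sqlite_dir DIR
# Prints one finding per line.
# Returns 0 if nothing is exposed, 1 if there are findings, 2 on bad input.
audit_sqlite_dir() {
    dir=$1
    findings=0

    if [ ! -d "$dir" ]; then
        echo "ERROR not a directory: $dir" >&2
        return 2
    fi

    # Weak directory: the execute bit for "other" is set, so any local
    # user can traverse into it. -prune keeps find on the directory itself.
    weak_dir=$(find "$dir" -prune -perm -001 -print)
    if [ -n "$weak_dir" ]; then
        echo "WEAK_DIR $dir"
        findings=1
    fi

    # Database files whose mode grants read to "other" (0644 matches).
    # find tests the mode bits, so the result is the same when run as root.
    exposed=$(find "$dir" -type f -name '*.sqlite' -perm -004 -print)
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed" | sed 's/^/WORLD_READABLE /'
        findings=1
    fi

    return "$findings"
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_sqlite_dir "$1"
fi
```
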
The references for CVE-2022-47927 are: [debian-lts-announce](https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html), [Fedora package-announce](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/), [mediawiki-announce](https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/)