PT-2023-15531 · Mediawiki+1 · Mediawiki+1

Bawolff

Publicado

2023-01-12

Atualizado

2025-04-08

CVE-2022-47927

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.35.9 MediaWiki versions 1.36.x through 1.38.x before 1.38.5 MediaWiki versions 1.39.x before 1.39.1

Description An issue was discovered in MediaWiki when installing with a pre-existing data directory that has weak permissions. The SQLite files are created with file mode 0644, making them world-readable to local users. These files include credentials data.

Recommendations For MediaWiki versions prior to 1.35.9, update to version 1.35.9 or later. For MediaWiki versions 1.36.x through 1.38.x before 1.38.5, update to version 1.38.5 or later. For MediaWiki versions 1.39.x before 1.39.1, update to version 1.39.1 or later. As a temporary workaround, consider restricting access to the SQLite files to minimize the risk of exploitation.

Exploit

Correção

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732

Identificadores relacionados

ALT-PU-2023-4877

ALT-PU-2024-11168

ALT-PU-2024-1228

BIT-MEDIAWIKI-2022-47927

CVE-2022-47927

DLA-3489-1

MGASA-2023-0204

Produtos afetados

Alt Linux

Mediawiki

PT-2023-15531 · Mediawiki+1 · Mediawiki+1

CVE-2022-47927

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 127