PT-2022-18872 · Mediawiki+1 · Mediawiki+1

Amir Sarabadani

+1

·

Published

2022-04-18

·

Updated

2024-03-06

·

CVE-2022-28203

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.35.6 MediaWiki versions 1.36.x prior to 1.36.4 MediaWiki versions 1.37.x prior to 1.37.2
Description A denial-of-service issue was discovered in MediaWiki. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.
Recommendations For MediaWiki versions prior to 1.35.6, update to version 1.35.6 or later. For MediaWiki versions 1.36.x prior to 1.36.4, update to version 1.36.4 or later. For MediaWiki versions 1.37.x prior to 1.37.2, update to version 1.37.2 or later. As a temporary workaround, consider restricting access to the Special:NewFiles page with the actor condition until a patch is available.

Exploit

Fix

DoS

Weakness Enumeration

CWE-763

Related Identifiers

ALT-PU-2022-2140
ALT-PU-2022-2428
BIT-MEDIAWIKI-2022-28203
CVE-2022-28203
DLA-3117-1
DSA-5246-1
MGASA-2022-0145

Affected Products

Alt Linux
Mediawiki