Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #29645 MediaWiki standalone readers can also edit pages
    Infos
    #29645
    Robert Vogel (rvogel)
    2022-12-12 09:57
    2022-12-01 09:13
    31274
    Details
    MediaWiki standalone readers can also edit pages

    Authorizations are not properly verified when accessing to MediaWiki standalone resources.

    Impact

    Users with only the ability to read pages can also edit them.

    CVSSv3.1 score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

    References

    CWE 285
    CVE-2022-23473

    Mediawiki Standalone
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2022-12-06
    Attachments
    Empty
    References
    Referencing request #29645

    Git commit

    tuleap/tuleap/stable

    request #29645 Add additional permission settings for `plugins/mediawiki_standalone` 97cac78302
    rvogel , 2022-12-06 09:43
    Merge commit 'refs/changes/46/27346/7' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD fc1bfce2c0
    User avatar Nicolas Terray (nterray) , 2022-12-06 14:24
    fix: logs out users whenever MW permissions change 0fc13052a7
    User avatar Nicolas Terray (nterray) , 2022-12-06 15:46
    Display settings

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2022-12-07 10:12

    CVE-2022-23473 has been assigned to this issue.

    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    • Connected artifacts
    User avatar
    Thomas Gerbet (tgerbet)2022-12-06 14:40
    • Summary
      -Permission settings do not apply 
      +MediaWiki standalone readers can also edit pages 
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    User avatar
    Thomas Gerbet (tgerbet)2022-12-01 16:38
    • Category set to Mediawiki Standalone
    • Status changed from New to Verified
    • Reported in version set to All