•  
      request #29645 MediaWiki standalone readers can also edit pages
    Infos
    #29645
    Robert Vogel (rvogel)
    2022-12-12 09:57
    2022-12-01 09:13
    31233
    Details
    MediaWiki standalone readers can also edit pages

    Authorizations are not properly verified when accessing to MediaWiki standalone resources.

    Impact

    Users with only the ability to read pages can also edit them.

    CVSSv3.1 score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

    References

    CWE 285
    CVE-2022-23473

    Mediawiki Standalone
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2022-12-06
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2022-12-07 10:12

    CVE-2022-23473 has been assigned to this issue.


    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    • Connected artifacts
    User avatar
    Thomas Gerbet (tgerbet)2022-12-06 14:40
    • Summary
      -Permission settings do not apply 
      +MediaWiki standalone readers can also edit pages 
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    User avatar
    Thomas Gerbet (tgerbet)2022-12-01 16:38
    • Category set to Mediawiki Standalone
    • Status changed from New to Verified
    • Reported in version set to All