FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- multiple vulnerabilities

Affected packages
mediawiki135 < 1.35.8
mediawiki137 < 1.37.6
mediawiki138 < 1.38.4


VuXML ID 67057b48-41f4-11ed-86c3-080027881239
Discovery 2022-09-29
Entry 2022-10-02

Mediawiki reports:

(T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results in an IP range check on Special:Contributions..

(T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence of hidden users.

(T307278, CVE-2022-41766) SECURITY: On action=rollback the message "alreadyrolled" can leak revision deleted user name.


CVE Name CVE-2022-41765
CVE Name CVE-2022-41766
CVE Name CVE-2022-41767