Lucene search

K
freebsdFreeBSD5AB54EA0-FA94-11EC-996C-080027B24E86
HistoryMay 16, 2022 - 12:00 a.m.

mediawiki -- multiple vulnerabilities

2022-05-1600:00:00
vuxml.freebsd.org
22

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

0.003 Low

EPSS

Percentile

68.9%

Mediawiki reports:

(T308471) Username is not escaped in the “welcomeuser” message.
(T308473) Username not escaped in the contributions-title message.
(T309377, CVE-2022-29248) Update “guzzlehttp/guzzle” to version 6.5.6.
(T311384, CVE-2022-27776) Update “guzzlehttp/guzzle” to 6.5.8/7.4.5.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchmediawiki135< 1.35.7UNKNOWN
FreeBSDanynoarchmediawiki137< 1.37.3UNKNOWN
FreeBSDanynoarchmediawiki138< 1.38.2UNKNOWN

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

0.003 Low

EPSS

Percentile

68.9%