Lucene search

K

GoogleOSV:CVE-2022-47927

HistoryJan 12, 2023 - 6:15 a.m.

CVE-2022-47927

2023-01-1206:15:08

Google

osv.dev

5

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data.

References

lists.debian.org/debian-lts-announce/2023/07/msg00011.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/

lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/

phabricator.wikimedia.org/T322637

security.gentoo.org/glsa/202305-24

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

Related for OSV:CVE-2022-47927

cnvd1 debiancve1 cve1 osv2 nessus3 prion1 cvelist1 openvas5 veracode1 redhatcve1 debian1 ubuntucve1 mageia1 fedora1 gentoo1