CVE-2022-29547 - Vulnerability Details - OpenCVE

The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. This could lead to an unauthorised (or blocked) user being able to edit a page.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00168.

Key SSVC decision points have not yet been added.

Vendors	Products
Mediawiki	Createredirect

Configuration 1 [-]

cpe:2.3:a:mediawiki:createredirect:*:*:*:*:*:mediawiki:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-33882	The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. This could lead to an unauthorised (or blocked) user being able to edit a page.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CreateRedirect/+/780567
https://phabricator.miraheze.org/T9061
https://phabricator.wikimedia.org/T306174

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-04-21T00:57:44

Updated: 2024-08-03T06:26:06.260Z

Reserved: 2022-04-21T00:00:00

Link: CVE-2022-29547

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-04-21T01:15:07.087

Modified: 2024-11-21T06:59:17.963

Link: CVE-2022-29547

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. This could lead to an unauthorised (or blocked) user being able to edit a page."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-21T00:57:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://phabricator.wikimedia.org/T306174"}, {"tags": ["x_refsource_MISC"], "url": "https://phabricator.miraheze.org/T9061"}, {"tags": ["x_refsource_MISC"], "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CreateRedirect/+/780567"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-29547", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. This could lead to an unauthorised (or blocked) user being able to edit a page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://phabricator.wikimedia.org/T306174", "refsource": "MISC", "url": "https://phabricator.wikimedia.org/T306174"}, {"name": "https://phabricator.miraheze.org/T9061", "refsource": "MISC", "url": "https://phabricator.miraheze.org/T9061"}, {"name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CreateRedirect/+/780567", "refsource": "MISC", "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CreateRedirect/+/780567"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:26:06.260Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://phabricator.wikimedia.org/T306174"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://phabricator.miraheze.org/T9061"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CreateRedirect/+/780567"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-29547", "datePublished": "2022-04-21T00:57:44", "dateReserved": "2022-04-21T00:00:00", "dateUpdated": "2024-08-03T06:26:06.260Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:createredirect:*:*:*:*:*:mediawiki:*:*", "matchCriteriaId": "AA65BA0A-4889-463A-B18D-C6803748845A", "versionEndExcluding": "2022-04-14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. This could lead to an unauthorised (or blocked) user being able to edit a page."}, {"lang": "es", "value": "La extensi\u00f3n CreateRedirect versiones anteriores a 14-04-2022 para MediaWiki, no comprueba apropiadamente si el usuario presenta permisos para editar la p\u00e1gina de destino. Esto podr\u00eda conllevar a que un usuario no autorizado (o bloqueado) pudiera editar una p\u00e1gina"}], "id": "CVE-2022-29547", "lastModified": "2024-11-21T06:59:17.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-21T01:15:07.087", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CreateRedirect/+/780567"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://phabricator.miraheze.org/T9061"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://phabricator.wikimedia.org/T306174"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CreateRedirect/+/780567"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://phabricator.miraheze.org/T9061"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://phabricator.wikimedia.org/T306174"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}