{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-39193", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T12:00:42.357Z", "dateReserved": "2022-09-02T00:00:00", "datePublished": "2023-01-20T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-03-29T00:00:00"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://phabricator.wikimedia.org/T311337"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:00:42.357Z"}, "title": "CVE Program Container", "references": [{"url": "https://phabricator.wikimedia.org/T311337", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:-:*:*:*:*:*:*", "matchCriteriaId": "243E4420-7054-4190-8270-76E09207FC9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "90D9672A-851F-46B0-AA0D-35991D7802E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "5141FCFC-D842-49B8-9385-5EE2DB6E7BFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A716F56-5EB8-4ECA-9F7E-A701AA0D89EF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en la extensi\u00f3n CheckUser para MediaWiki hasta 1.39.x. Varios componentes de esta extensi\u00f3n pueden exponer informaci\u00f3n sobre qui\u00e9n realiza las ediciones y las acciones registradas. Esta informaci\u00f3n no deber\u00eda permitir la visualizaci\u00f3n p\u00fablica: se supone que s\u00f3lo debe ser visible para usuarios con derechos de supresi\u00f3n."}], "id": "CVE-2022-39193", "lastModified": "2023-08-08T14:22:24.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-20T19:15:15.250", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://phabricator.wikimedia.org/T311337"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "mediawiki: Edits with the performer suppressed still show the performer in results from the CheckUser extension", "id": "2163610", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163610"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.5", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-200", "details": ["An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights."], "name": "CVE-2022-39193", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "mediawiki", "product_name": "Red Hat OpenShift Container Platform 3.11"}], "public_date": "2023-01-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-39193\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-39193"], "threat_severity": "Low"}