Headline
CVE-2022-41767: reassignEdits doesn't update results in an IP range check on Special:Contributions
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup.
Risk Rating
Low
Author Affiliation
WMF Technology Dept
- Task Graph
- Mentions
Event Timeline
Restricted Application added a subscriber: Aklapper.
Reedy renamed this task from reassignEdits doesn’t seem to update a range check on Special:Contributions to reassignEdits doesn’t seem to update results in an IP range check on Special:Contributions.
Reedy changed Author Affiliation from N/A to WMF Technology Dept.
Reedy triaged this task as Low priority.
sbassett changed Risk Rating from N/A to Low.
Reedy changed the task status from Open to In Progress.
Reedy renamed this task from reassignEdits doesn’t seem to update results in an IP range check on Special:Contributions to reassignEdits doesn’t update results in an IP range check on Special:Contributions.
Reedy renamed this task from reassignEdits doesn’t update results in an IP range check on Special:Contributions to CVE-2022-41767: reassignEdits doesn’t update results in an IP range check on Special:Contributions.
Reedy closed this task as Resolved.
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL
Related news
Gentoo Linux Security Advisory 202305-24 - Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. Versions greater than or equal to 1.25.2 are affected.