Headline
CVE-2022-28206: T294256 FileImporter allows imports to cascade protected files when the importer does not have administrator permissions (CVE-2022-28206)
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.
Risk Rating
Low
Author Affiliation
Wikimedia Communities
Event Timeline
Restricted Application added a subscriber: Aklapper.
Dylsss renamed this task from FileImporter allows imports to cascade protected files when the importer does not have administartor permissions to FileImporter allows imports to cascade protected files when the importer does not have administrator permissions.
WMDE-Fisch set the point value for this task to 3.
sbassett renamed this task from FileImporter allows imports to cascade protected files when the importer does not have administrator permissions to FileImporter allows imports to cascade protected files when the importer does not have administrator permissions (CVE-2022-28206).
sbassett triaged this task as Low priority.
sbassett changed Author Affiliation from N/A to Wikimedia Communities.
sbassett changed the visibility from "Custom Policy" to "Public (No Login Required)".
sbassett changed Risk Rating from N/A to Low.
Related news
Gentoo Linux Security Advisory 202305-24 - Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. Versions greater than or equal to 1.25.2 are affected.