Headline
CVE-2022-23473: MediaWiki standalone readers can also edit pages
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This only affects the MediaWiki standalone plugin. This issue is patched in versions Tuleap Community Edition 14.2.99.148, Tuleap Enterprise Edition 14.2-5, and Tuleap Enterprise Edition 14.1-6.
Submitted byRobert Vogel (rvogel)
Last Modified On2022-12-12 09:57
Submitted on2022-12-01 09:13
Rank31101
Summary *
MediaWiki standalone readers can also edit pages
Original Submission
Authorizations are not properly verified when accessing to MediaWiki standalone resources.
Impact
Users with only the ability to read pages can also edit them.
CVSSv3.1 score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
References
CWE 285
CVE-2022-23473
CategoryMediawiki Standalone
Reported in versionAll
PlatformEmpty
Is an Enhancement or an internal improvement?
- [ ] enhancement
- [ ] internal improvement
CC listEmpty
StatusClosed
Close date2022-12-06