CVE Vulnerabilities

CVE-2022-28206

Published: Mar 30, 2022 | Modified: Nov 21, 2024
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.

Affected Software

Name Vendor Start Version End Version
Mediawiki Mediawiki * 1.37.1 (including)

References