CVE-2022-28205

Description

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.

How to fix CVE-2022-28205

To remediate CVE-2022-28205, upgrade the affected package to a fixed version below.

• Bitnami/mediawiki—upgrade to 1.37.2 or later

Is CVE-2022-28205 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.37.2

CVSS scores

References (4)

• WEBgerrit.wikimedia.org/r/q/Ic6ba1a37b78df5b342ceeba4c1493dbde583b81f
• WEBnvd.nist.gov/vuln/detail/CVE-2022-28205
• WEBphabricator.wikimedia.org/T302248
• WEBsecurity.gentoo.org/glsa/202305-24