CVE-2022-39193
CVSS 3.1: 5.3 MEDIUM | EPSS 0.17%
Description
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights.
How to fix CVE-2022-39193
To remediate CVE-2022-39193, upgrade the affected package to a fixed version below.
- Bitnami/mediawiki—upgrade to 1.39.2 or later
Is CVE-2022-39193 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Bitnami/mediawiki: >= 1.39.0, < 1.39.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |