CVE-2022-29903 — MEDIUM (4.3)

Q: How severe is CVE-2022-29903?

CVE-2022-29903 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-29903?

Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mediawiki.

Vulnerability Description

The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. The attacker must trigger a POST request to Special:PrivateDomains.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Mediawiki	Mediawiki	<= 1.37.2

Related Weaknesses (CWE)

CWE-352

References

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PrivateDomains/+/783416Release NotesVendor Advisory
https://phabricator.wikimedia.org/T306290ExploitIssue TrackingPatch
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PrivateDomains/+/783416Release NotesVendor Advisory
https://phabricator.wikimedia.org/T306290ExploitIssue TrackingPatch

FAQ

What is CVE-2022-29903?

CVE-2022-29903 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. The attacker must t...

How severe is CVE-2022-29903?

CVE-2022-29903 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-29903?

Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mediawiki.