CVE-2022-39194 : An issue was discovered in the MediaWiki through 1.38.2. The community configura

An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed.

Published 2022-09-02 05:15:08

Updated 2022-09-07 20:33:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2022-39194

Mediawiki » Mediawiki
Versions up to, including, (<=) 1.38.2
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-39194

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-39194

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H	1.2	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-39194

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-39194

https://phabricator.wikimedia.org/T313205

⚓ T313205 CVE-2022-39194: Growth's Community configuration makes it possible for rogue admin to take down a site
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-39194

Products affected by CVE-2022-39194

Exploit prediction scoring system (EPSS) score for CVE-2022-39194

CVSS scores for CVE-2022-39194

CWE ids for CVE-2022-39194

References for CVE-2022-39194