---

CVE-2022-28205 - log back

CVE-2022-28205 edited at 12 Apr 2022 21:07:30
Severity	- Unknown + Critical

CVE-2022-28205 edited at 12 Apr 2022 21:04:26
Notes	- needs more research + pkgbuild does not build affected extension

CVE-2022-28205 created at 06 Apr 2022 13:32:01
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description	+ An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.
References	+ https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/765335 + https://phabricator.wikimedia.org/T302248
Notes	+ needs more research