AVG-2676 log

Package mediawiki
Status Not affected
Severity Critical
Type unknown
Affected 1.37.1-1
Fixed 1.37.2-1
Current 1.38.2-1 [community]
Ticket None
Created Tue Apr 12 20:59:40 2022
Issue Severity Remote Type Description
CVE-2022-28209 Critical Unknown Unknown
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.
CVE-2022-28206 Critical Unknown Unknown
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.
CVE-2022-28205 Critical Unknown Unknown
An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.
Notes
affected extensions not included