CVE-2022-28323

CVE-2022-28323

EPSS 1.3%

An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gerrit.wikimedia.org/r/q/93758c4c13b972d240a6313e0472df1667118893 https://gerrit.wikimedia.org/r/q/I9d3b9a942ea71d777ec32121fa36262f549d283d https://phabricator.wikimedia.org/T298434