VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-5ykj-qpb6-fybf

Essentials
Severities (3)
References (24)
Severity details (2)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-5ykj-qpb6-fybf
Aliases	CVE-2022-28203
Summary	A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.
Status	Published
Exploitability	0.5
Weighted Severity	0.0
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-763

Release of Invalid Pointer or Reference

System	Score	Found at
epss	0.00144	https://api.first.org/data/v1/epss?cve=CVE-2022-28203
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-28203
archlinux	Unknown	https://security.archlinux.org/AVG-2823

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-28203
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
		https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html
		https://phabricator.wikimedia.org/T297731
		https://www.debian.org/security/2022/dsa-5246
AVG-2823		https://security.archlinux.org/AVG-2823
cpe:2.3:a:mediawiki:mediawiki::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
CVE-2022-28203		https://nvd.nist.gov/vuln/detail/CVE-2022-28203

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-28203

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.35539
EPSS Score	0.00144
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T11:52:43.042188+00:00	Arch Linux Importer	Import	https://security.archlinux.org/AVG-2823	36.1.3