Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-29906
CVE-2022-29906:
NixOS vulnerability analysis and mitigation
Overview
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before commit 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) contains a security vulnerability where it omits a check for the quizadmin user. This vulnerability was discovered and disclosed on April 29, 2022 (NVD, MITRE).
Technical details
The vulnerability exists in the admin API module of the QuizGame extension, where it fails to properly validate user permissions by omitting a check for the quizadmin user role. This security oversight could potentially allow unauthorized users to access administrative functions (NVD).
Impact
The vulnerability could allow unauthorized users to gain access to administrative functions within the QuizGame extension, potentially compromising the security and integrity of the quiz system (NVD).
Mitigation and workarounds
The vulnerability has been fixed in commit 665e33a68f6fa1167df99c0aa18ed0157cdf9f66. Users are advised to update their QuizGame extension to a version containing this fix (NVD).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management