CVE-2022-28323
Description
The SecurePoll extension in MediaWiki up to 1.37.2 leaks information due to support for sorting by timestamp.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The SecurePoll extension in MediaWiki up to 1.37.2 leaks information due to support for sorting by timestamp.
Vulnerability
The SecurePoll extension in MediaWiki through version 1.37.2 allows a data leak because it supports sorting results by timestamp [1]. This feature exposes the chronological order of votes.
Exploitation
An attacker with access to the poll results page can observe the sort order by timestamp, potentially deducing the sequence in which votes were cast [1]. No authentication beyond normal poll viewing is required.
Impact
The vulnerability leads to information disclosure: an attacker can infer the relative timing of votes, which may reveal sensitive patterns or voting behavior [1]. The confidentiality of voting data is partially compromised.
Mitigation
The issue was reported in Phabricator [1]. The fix is expected in a future release. Users should update MediaWiki once a patched version is available.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: <=1.37.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- gerrit.wikimedia.org/r/q/93758c4c13b972d240a6313e0472df1667118893mitrex_refsource_MISC
- gerrit.wikimedia.org/r/q/I9d3b9a942ea71d777ec32121fa36262f549d283dmitrex_refsource_MISC
- phabricator.wikimedia.org/T298434mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.