CVE-2022-28204 is a high-severity denial-of-service (DoS) vulnerability affecting MediaWiki versions 1.37.x prior to 1.37.2. The vulnerability arises from the inefficient rendering process of a specific URL endpoint: w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1. This endpoint is used to display pages that link to a particular property within the MediaWiki instance. Due to the way MediaWiki processes this request, rendering can take more than thirty seconds, which is significantly longer than normal response times. This prolonged processing time can be exploited by attackers to overwhelm the server with multiple such requests, leading to a denial-of-service condition. The vulnerability is classified under CWE-400, which relates to uncontrolled resource consumption, indicating that the root cause is excessive resource usage triggered by crafted requests. The CVSS v3.1 base score is 7.5, reflecting a high severity level, with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), but high impact on availability (A:H). There are no known exploits in the wild as of the published date, and no vendor or product name is explicitly provided, but the affected software is MediaWiki, a widely used open-source wiki platform. No patch links are provided, but the fixed version is 1.37.2, indicating that upgrading to this or later versions mitigates the issue.

For European organizations using MediaWiki 1.37.x versions prior to 1.37.2, this vulnerability presents a significant risk of service disruption. MediaWiki is commonly used for internal knowledge bases, documentation, and collaborative content management in enterprises, educational institutions, and government agencies. A successful exploitation could lead to denial-of-service conditions, rendering the wiki inaccessible to legitimate users. This can disrupt business operations, knowledge sharing, and critical documentation access. Given that no authentication or user interaction is required to trigger the vulnerability, attackers can remotely launch denial-of-service attacks over the network, potentially from anywhere. This increases the attack surface and risk of widespread disruption. Additionally, the prolonged server processing could increase resource consumption, potentially leading to increased operational costs or collateral impact on other services hosted on the same infrastructure. While no confidentiality or integrity impact is noted, availability degradation alone can have serious operational consequences, especially for organizations relying heavily on MediaWiki for daily workflows.

European organizations should prioritize upgrading MediaWiki installations to version 1.37.2 or later, where this vulnerability is addressed. If immediate upgrade is not feasible, organizations can implement rate limiting on the affected URL endpoint to restrict the number of requests per IP address, thereby reducing the risk of resource exhaustion. Web application firewalls (WAFs) can be configured to detect and block suspicious patterns targeting the Special:WhatLinksHere page with the specific query parameters involved. Monitoring server performance and logs for unusually long response times or spikes in requests to this endpoint can provide early detection of exploitation attempts. Additionally, organizations should consider isolating MediaWiki servers behind reverse proxies or load balancers that can absorb or mitigate volumetric attacks. Regular security audits and vulnerability scanning should include checks for this CVE to ensure timely remediation. Finally, educating administrators about the risks of exposing such endpoints publicly without protection can reduce attack vectors.