Mediawiki · Growthexperiments · CVE-2023-29137
**Name of the Vulnerable Software and Affected Versions**
GrowthExperiments extension for MediaWiki versions through 1.39.3
**Description**
An issue in the GrowthExperiments extension for MediaWiki allows the UserImpactHandler to inadvertently return the timezone preference for arbitrary users. This can be used to de-anonymize users.
**Recommendations**
For versions through 1.39.3, consider disabling the UserImpactHandler for GrowthExperiments until a patch is available to prevent the potential de-anonymization of users.