PT-2023-18788 · Mediawiki+1 · Growthexperiments+1

Urbanecm_Wmf

Publicado

2023-01-11

Atualizado

2025-04-07

CVE-2023-22945

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions GrowthExperiments extension for MediaWiki versions 1.39 and earlier

Description The issue allows blocked users to enroll as mentors or edit their mentorship-related properties through the "growthmanagementorlist" API endpoint. This affects users blocked in ApiManageMentorList.

Recommendations For versions 1.39 and earlier, as a temporary workaround, consider disabling the growthmanagementorlist API endpoint until a patch is available. Restrict access to the ApiManageMentorList to minimize the risk of exploitation. Avoid using the growthmanagementorlist API endpoint until the issue is resolved.

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

ALT-PU-2023-4877

ALT-PU-2024-11168

ALT-PU-2024-1228

BIT-MEDIAWIKI-2023-22945

CVE-2023-22945

Produtos afetados

Alt Linux

Growthexperiments

PT-2023-18788 · Mediawiki+1 · Growthexperiments+1

CVE-2023-22945

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 111