PT-2023-22166 · Mediawiki+1 · Mediawiki Checkuser Extension+1

Amandanp · Published 2023-03-31 · Updated 2024-08-20 · CVE-2023-29139

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

MediaWiki CheckUser extension versions through 1.39.3

Description

An issue in the CheckUser extension for MediaWiki can cause denial of service when a user with checkuserlog permissions makes many CheckUserLog API requests in certain configurations, resulting in a RequestTimeoutException or upstream request timeout.

Recommendations

For versions through 1.39.3, consider restricting access to the CheckUserLog API endpoint to minimize the risk of denial of service attacks until a patch is available. As a temporary workaround, limiting the number of CheckUserLog API requests from users with checkuserlog permissions may also help mitigate the issue.

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related identifiers

ALT-PU-2023-4877
ALT-PU-2024-11168
ALT-PU-2024-1228
BIT-MEDIAWIKI-2023-29139
CVE-2023-29139

Affected products

Alt Linux
Mediawiki Checkuser Extension