PT-2023-6328 · Mediawiki+2 · Mediawiki+2

Mbq

Publicado

2023-10-06

Atualizado

2024-08-20

CVE-2023-45364

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions MediaWiki versions 1.36.x through 1.39.x before 1.39.5 MediaWiki versions 1.40.x before 1.40.1

Description An issue was discovered in includes/page/Article.php. Deleted revision existence is leaked due to incorrect permissions being checked, revealing a given revision ID belonged to the given page title and its timestamp, which are not supposed to be public information.

Recommendations For MediaWiki versions 1.36.x through 1.39.x before 1.39.5, update to version 1.39.5 or later. For MediaWiki versions 1.40.x before 1.40.1, update to version 1.40.1 or later.

Correção

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732

Identificadores relacionados

ALT-PU-2023-6419

ALT-PU-2024-11168

ALT-PU-2024-1228

BDU:2023-07040

BIT-MEDIAWIKI-2023-45364

CVE-2023-45364

DSA-5520-1

MGASA-2024-0155

Produtos afetados

Alt Linux

Mediawiki

Red Os

PT-2023-6328 · Mediawiki+2 · Mediawiki+2

CVE-2023-45364

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 121