CVE-2023-45369

Name of the Vulnerable Software and Affected Versions MediaWiki PageTriage extension versions prior to 1.35.12 MediaWiki PageTriage extension versions 1.36.x through 1.39.x before 1.39.5 MediaWiki PageTriage extension versions 1.40.x before 1.40.1

Description An issue was discovered in the PageTriage extension for MediaWiki, where usernames of hidden users are exposed. This could allow a remote attacker to gain unauthorized access to protected information.

Recommendations For MediaWiki PageTriage extension versions prior to 1.35.12, update to version 1.35.12 or later. For MediaWiki PageTriage extension versions 1.36.x through 1.39.x, update to version 1.39.5 or later. For MediaWiki PageTriage extension versions 1.40.x, update to version 1.40.1 or later.