PT-2023-8951 · Mediawiki+2 · Mediawiki Checkuser Extension+2

Dom_Walden

Publicado

2023-10-08

Atualizado

2024-08-20

CVE-2023-45367

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions MediaWiki CheckUser extension versions 1.35.12 and earlier, versions 1.36.x through 1.39.x before 1.39.5, and versions 1.40.x before 1.40.1

Description An issue was discovered in the CheckUser extension for MediaWiki. A user can use a "rest.php/checkuser/v0/useragent-clienthints/revision/" URL to store an arbitrary number of rows in cu useragent clienthints, leading to a denial of service. The exploitation of this issue may allow a remote attacker to cause a denial of service.

Recommendations For MediaWiki CheckUser extension versions 1.35.12 and earlier, update to version 1.35.12 or later. For MediaWiki CheckUser extension versions 1.36.x through 1.39.x before 1.39.5, update to version 1.39.5 or later. For MediaWiki CheckUser extension versions 1.40.x before 1.40.1, update to version 1.40.1 or later. As a temporary workaround, consider restricting access to the "rest.php/checkuser/v0/useragent-clienthints/revision/" URL to minimize the risk of exploitation.

Exploit

Correção

Improper Resource Release

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-404

Identificadores relacionados

ALT-PU-2023-6419

ALT-PU-2024-11168

ALT-PU-2024-1228

BDU:2024-02753

BIT-MEDIAWIKI-2023-45367

CVE-2023-45367

Produtos afetados

Alt Linux

Mediawiki Checkuser Extension

Red Os

PT-2023-8951 · Mediawiki+2 · Mediawiki Checkuser Extension+2

CVE-2023-45367

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 107