CVE-2023-29140

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions GrowthExperiments extension for MediaWiki versions through 1.39.3

Description An issue in the GrowthExperiments extension for MediaWiki allows attackers to see edits for which the username has been hidden, due to a lack of check for rev deleted.

Recommendations For GrowthExperiments extension for MediaWiki versions through 1.39.3, consider updating to a version that includes a fix for this issue, as no specific workaround is provided in the available information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

ALT-PU-2023-4877

ALT-PU-2024-11168

ALT-PU-2024-1228

BIT-MEDIAWIKI-2023-29140

CVE-2023-29140

Affected Products

Alt Linux

Growthexperiments Extension For Mediawiki

CVE-2023-29140

Weakness Enumeration

Related Identifiers

Affected Products

References · 107