CVE-2023-29141

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.35.10 MediaWiki versions 1.36.x through 1.38.x before 1.38.6 MediaWiki versions 1.39.x before 1.39.3

Description An issue was discovered in MediaWiki where an auto-block can occur for an untrusted X-Forwarded-For header.

Recommendations For MediaWiki versions prior to 1.35.10, update to version 1.35.10 or later. For MediaWiki versions 1.36.x through 1.38.x before 1.38.6, update to version 1.38.6 or later. For MediaWiki versions 1.39.x before 1.39.3, update to version 1.39.3 or later.

Exploit

Fix

HTTP Request/Response Smuggling

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-444

Related Identifiers

ALT-PU-2023-4877

ALT-PU-2024-11168

ALT-PU-2024-1228

BIT-MEDIAWIKI-2023-29141

CVE-2023-29141

DLA-3540-1

DSA-5447-1

GHSA-5VJ8-G3QG-4QH6

MGASA-2023-0204

Affected Products

Alt Linux

Mediawiki

CVE-2023-29141

Weakness Enumeration

Related Identifiers

Affected Products

References · 138