PT-2023-6328 · Mediawiki+2 · Mediawiki+2

Mbq

Published

2023-10-06

Updated

2024-08-20

CVE-2023-45364

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions MediaWiki versions 1.36.x through 1.39.x before 1.39.5 MediaWiki versions 1.40.x before 1.40.1

Description An issue was discovered in includes/page/Article.php. Deleted revision existence is leaked due to incorrect permissions being checked, revealing a given revision ID belonged to the given page title and its timestamp, which are not supposed to be public information.

Recommendations For MediaWiki versions 1.36.x through 1.39.x before 1.39.5, update to version 1.39.5 or later. For MediaWiki versions 1.40.x before 1.40.1, update to version 1.40.1 or later.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

ALT-PU-2023-6419

ALT-PU-2024-11168

ALT-PU-2024-1228

BDU:2023-07040

BIT-MEDIAWIKI-2023-45364

CVE-2023-45364

DSA-5520-1

MGASA-2024-0155

Affected Products

Alt Linux

Mediawiki

Red Os

PT-2023-6328 · Mediawiki+2 · Mediawiki+2

CVE-2023-45364

Weakness Enumeration

Related Identifiers

Affected Products

References · 121