CVE-2023-45374

Name of the Vulnerable Software and Affected Versions MediaWiki SportsTeams extension versions 1.35.x through 1.35.11 MediaWiki SportsTeams extension versions 1.36.x through 1.39.4 MediaWiki SportsTeams extension versions 1.40.x through 1.40.0

Description An issue was discovered in the SportsTeams extension for MediaWiki. It does not check for the anti-CSRF edit token in "Special:SportsTeamsManager" and "Special:UpdateFavoriteTeams". This could allow a remote attacker to impact the integrity of protected information.

Recommendations For MediaWiki SportsTeams extension versions 1.35.x through 1.35.11, update to version 1.35.12 or later. For MediaWiki SportsTeams extension versions 1.36.x through 1.39.4, update to version 1.39.5 or later. For MediaWiki SportsTeams extension versions 1.40.x through 1.40.0, update to version 1.40.1 or later. As a temporary workaround, consider disabling access to "Special:SportsTeamsManager" and "Special:UpdateFavoriteTeams" until a patch is available.