PT-2023-8950 · Mediawiki+2 · Mediawiki+3

Soda

·

Published

2023-10-08

·

Updated

2024-08-20

·

CVE-2023-45369

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions MediaWiki PageTriage extension versions prior to 1.35.12 MediaWiki PageTriage extension versions 1.36.x through 1.39.x before 1.39.5 MediaWiki PageTriage extension versions 1.40.x before 1.40.1
Description An issue was discovered in the PageTriage extension for MediaWiki, where usernames of hidden users are exposed. This could allow a remote attacker to gain unauthorized access to protected information.
Recommendations For MediaWiki PageTriage extension versions prior to 1.35.12, update to version 1.35.12 or later. For MediaWiki PageTriage extension versions 1.36.x through 1.39.x, update to version 1.39.5 or later. For MediaWiki PageTriage extension versions 1.40.x, update to version 1.40.1 or later.

Fix

Incorrect Permission

Weakness Enumeration

CWE-732

Related Identifiers

ALT-PU-2023-6419
ALT-PU-2024-11168
ALT-PU-2024-1228
BDU:2024-02752
BIT-MEDIAWIKI-2023-45369
CVE-2023-45369

Affected Products

Alt Linux
Mediawiki
Pagetriage Extension
Red Os