The vulnerability of the DifferenceEngine.php file, a software tool for implementing a hypertext environment like MediaWiki, allows a perpetrator to access confidential information.

🗓️ 09 Apr 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

Remote attacker can exploit DifferenceEngine.php in MediaWiki to access confidential data by ignoring user names.

Reporter	Title	Published	Views	Family All 90
Circl	CVE-2023-45362	12 Apr 202409:07	–	circl
CNNVD	MediaWiki Information Disclosure Vulnerability	3 Nov 202300:00	–	cnnvd
CVE	CVE-2023-45362	3 Nov 202300:00	–	cve
Cvelist	CVE-2023-45362	3 Nov 202300:00	–	cvelist
Debian	[SECURITY] [DLA 3671-1] mediawiki security update	28 Nov 202311:46	–	debian
Debian	[SECURITY] [DSA 5520-1] mediawiki security update	10 Oct 202319:25	–	debian
Debian CVE	CVE-2023-45362	3 Nov 202300:00	–	debiancve
Tenable Nessus	Debian dla-3671 : mediawiki - security update	28 Nov 202300:00	–	nessus
Tenable Nessus	Debian DSA-5520-1 : mediawiki - security update	10 Oct 202300:00	–	nessus
Tenable Nessus	Fedora 40 : mediawiki / php-oojs-oojs-ui / php-wikimedia-cdb / etc (2024-2c564b942d)	11 May 202400:00	–	nessus

Source	Link
phabricator	www.phabricator.wikimedia.org/T341529
redos	www.redos.red-soft.ru/support/secure/
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.11/
web	www.web.nvd.nist.gov/view/vuln/detail

26 Aug 2024 00:00Current

5.4Medium risk

Vulners AI Score5.4

CVSS 24

CVSS 34.3

EPSS0.00626

differenceengine file mediawiki vulnerability remote attack confidential data ignoring user names web security