History: Oct 09, 2023 - 5:15 a.m.

CVE-2023-45364

2023-10-09 05:15:09
CWE-732
web.nvd.nist.gov
cve-2023-45364
mediawiki
information leak
security vulnerability
nvd

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 5.3
Confidence: High

EPSS: 0
Percentile: 13.3%

An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.

Affected configurations

NVD

Node
mediawiki mediawiki Range 1.36.0 to 1.39.5
OR
mediawiki mediawiki Match 1.40.0 -

Node
debian debian_linux Match 11.0
OR
debian debian_linux Match 12.0

Vendor | Product | Version | CPE
mediawiki | mediawiki | 1.40.0 | cpe:/a:mediawiki:mediawiki:1.40.0:-::
