Lucene search
HistoryJan 11, 2023 - 1:15 a.m.
CVE-2023-22945
growthexperiments mediawiki api vulnerability
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.6
Confidence
High
EPSS
0.001
Percentile
28.7%
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.
Affected configurations
Node
mediawikimediawikiRange≤1.39.0
Node
fedoraprojectfedoraMatch37
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mediawiki | mediawiki | * | cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:* |
| fedoraproject | fedora | 37 | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
Related
redhatcve
redhatcve
CVE-2023-22945
2023-01-16 09:06:29
cve
cve
CVE-2023-22945
2023-01-11 01:15:10
osv
osv
CVE-2023-22945
2023-01-11 01:15:10
BIT-mediawiki-2023-22945
2024-03-06 11:02:34
cnvd
cnvd
MediaWiki authorization error vulnerability (CNVD-2023-29701)
2023-04-14 00:00:00
cvelist
cvelist
CVE-2023-22945
2023-01-11 00:00:00
prion
prion
Sql injection
2023-01-11 01:15:00
nessus
nessus
Fedora 37 : mediawiki (2023-30a7a812f0)
2023-01-27 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: mediawiki-1.38.5-1.fc37
2023-01-27 08:58:39
openvas
openvas
Fedora: Security Advisory for mediawiki (FEDORA-2023-30a7a812f0)
2023-01-29 00:00:00
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.6
Confidence
High
EPSS
0.001
Percentile
28.7%
Related for NVD:CVE-2023-22945