Lucene search

[email protected]NVD:CVE-2023-37305

HistoryJun 30, 2023 - 5:15 p.m.

CVE-2023-37305

2023-06-3017:15:09

[email protected]

web.nvd.nist.gov

cve-2023-37305

proofreadpage

mediawiki

security issue

pagecontenthandler

pagedisplayhandler

hidden users

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.5%

JSON

An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.

Affected configurations

NVD

Node

mediawikimediawikiRange≤1.39.3

References

gerrit.wikimedia.org/r/q/Ibe5f8e25dea155bbd811a65833394c0d4b906a34

phabricator.wikimedia.org/T326952

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.5%

JSON

Related for NVD:CVE-2023-37305

veracode1 ubuntucve1 cvelist1 osv2 prion1 cve1