Lucene search

GoogleOSV:CVE-2023-37305

HistoryJun 30, 2023 - 5:15 p.m.

CVE-2023-37305

2023-06-3017:15:09

Google

osv.dev

cve-2023-37305

proofreadpage

mediawiki

vulnerability

pagecontenthandler

pagedisplayhandler

hidden users

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.5%

JSON

An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.

CPENameOperatorVersion
mediawikieq1.39.0
mediawikieq1.39.2
mediawikieq1.5.0beta2
mediawikieq1.39.0-rc.1
mediawikieq1.5.0beta4
mediawikieq1.5.0alpha1
mediawikieq1.39.3
mediawikieq1.5.0beta3
mediawikieq1.39.1
mediawikieq1.6.0

Name	Operator	Version
mediawiki	eq	1.39.0
mediawiki	eq	1.39.2
mediawiki	eq	1.5.0beta2
mediawiki	eq	1.39.0-rc.1
mediawiki	eq	1.5.0beta4
mediawiki	eq	1.5.0alpha1
mediawiki	eq	1.39.3
mediawiki	eq	1.5.0beta3
mediawiki	eq	1.39.1
mediawiki	eq	1.6.0

Rows per page:

1-10 of 151

References

gerrit.wikimedia.org/r/q/Ibe5f8e25dea155bbd811a65833394c0d4b906a34

phabricator.wikimedia.org/T326952

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.5%

JSON

Related for OSV:CVE-2023-37305