Lucene search

K
prionPRIOn knowledge basePRION:CVE-2023-29137
HistoryMar 31, 2023 - 7:15 p.m.

Design/Logic Flaw

2023-03-3119:15:00
PRIOn knowledge base
www.prio-n.com
5
design flaw
logic flaw
mediawiki
userimpacthandler
growthexperiments
user de-anonymization

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.1%

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.

CPENameOperatorVersion
mediawikile1.39.3

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.1%

Related for PRION:CVE-2023-29137