82 matches found
BIT-MEDIAWIKI-2022-39194
An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions including page moves were performed...
BIT-MEDIAWIKI-2023-22945
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users blocked in ApiManageMentorList to enroll as mentors or edit any of their mentorship-related properties...
BIT-MEDIAWIKI-2023-29137
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users...
MediaWiki authorization error vulnerability (CNVD-2023-29701)
MediaWiki is a free and free-to-use web-based wiki engine from the MediaWiki Foundation, which can be used to deploy in-house knowledge management and content management systems. An authorization error vulnerability exists in the MediaWiki GrowthExperiments extension, which could be exploited by ...
CVE-2023-29137
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users...
CVE-2023-29137
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users...
CVE-2023-29140
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for revdeleted...
CVE-2023-29140
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for revdeleted...
Design/Logic Flaw
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users...
CVE-2023-29137
Summary: CVE-2023-29137 concerns the GrowthExperiments extension for MediaWiki (up to 1.39.3). The UserImpactHandler inadvertently returns the timezone preference for arbitrary users, enabling potential de-anonymization. The issue is rooted in the extension’s handling of user data (timezone prefe...
CVE-2023-29137
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users...
CVE-2023-29140
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for revdeleted...
CVE-2023-29140
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for revdeleted...
PT-2023-22167 · Mediawiki +1 · Growthexperiments Extension For Mediawiki +1
Name of the Vulnerable Software and Affected Versions: GrowthExperiments extension for MediaWiki versions through 1.39.3 Description: An issue in the GrowthExperiments extension for MediaWiki allows attackers to see edits for which the username has been hidden, due to a lack of check for rev...
CVE-2023-29140
CVE-2023-29140 concerns the GrowthExperiments extension for MediaWiki up to version 1.39.3. The root cause is a missing check for rev_deleted, which could allow an attacker to view edits where the username has been hidden. The available connected documents corroborate the exact affected component...
Fedora 37 : mediawiki (2023-30a7a812f0)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-30a7a812f0 advisory. https://www.mediawiki.org/wiki/Releasenotes/1.38 https://lists.wikimedia.org/hyperkitty/list/mediawiki-...
CVE-2023-22945
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users blocked in ApiManageMentorList to enroll as mentors or edit any of their mentorship-related properties...
CVE-2023-22945
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users blocked in ApiManageMentorList to enroll as mentors or edit any of their mentorship-related properties...
CVE-2023-22945
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users blocked in ApiManageMentorList to enroll as mentors or edit any of their mentorship-related properties...
Sql injection
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users blocked in ApiManageMentorList to enroll as mentors or edit any of their mentorship-related properties...