Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-45364
HistoryOct 09, 2023 - 12:00 a.m.

CVE-2023-45364

2023-10-0900:00:00
ubuntu.com
ubuntu.com
11
mediawiki
security issue
deleted revision
data leakage
permission check

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0

Percentile

13.3%

An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x
through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision
existence is leaked due to incorrect permissions being checked. This
reveals that a given revision ID belonged to the given page title, and its
timestamp, both of which are not supposed to be public information.

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0

Percentile

13.3%