Lucene search

Veracode Vulnerability DatabaseVERACODE:43692

HistoryOct 10, 2023 - 1:54 a.m.

Remote Code Execution (RCE)

2023-10-1001:54:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

mediawiki

vulnerability

remote execution

arbitrary code

web page

user data

computer control

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

14.1%

JSON

mediawiki is vulnerable to Remote Code Execution (RCE). The vulnerability allows an attacker to inject arbitrary code into a web page, potentially allowing them to steal user data or take control of the user’s computer.

CPENameOperatorVersion
mediawiki:sideq1:1.35.0-1
mediawiki:bullseyeeq1:1.35.0-1
mediawiki:sideq1:1.35.0-1
mediawiki:bullseyeeq1:1.35.0-1

Name	Operator	Version
mediawiki:sid	eq	1:1.35.0-1
mediawiki:bullseye	eq	1:1.35.0-1
mediawiki:sid	eq	1:1.35.0-1
mediawiki:bullseye	eq	1:1.35.0-1

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

phabricator.wikimedia.org/T340221

security-tracker.debian.org/tracker/CVE-2023-45360