NA

CVE-2023-45364

Published: 09/10/2023 Updated: 12/10/2023
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

An issue exists in includes/page/Article.php in MediaWiki 1.36.x up to and including 1.39.x prior to 1.39.5 and 1.40.x prior to 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.

Vulnerable Product Search on Vulmon Subscribe to Product

mediawiki mediawiki 1.40.0

mediawiki mediawiki

debian debian linux 11.0

debian debian linux 12.0

Vendor Advisories

Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service or information disclosure For the oldstable distribution (bullseye), these problems have been fixed in version 1:13513-1~deb11u1 For the stable distribution (bookworm), these problems have ...