CVE-2023-22945

EPSS 0.09%
Published 11.01.2023 01:15:10
Last modified 07.04.2025 19:15:51
Source cve@mitre.org
Teams watchlist Login
Open Login

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Mediawiki ≫ Mediawiki Version <= 1.39.0

Fedoraproject ≫ Fedora Version37

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.272

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/

https://gerrit.wikimedia.org/r/q/Id1b83fcd58eccb8b2dfea44a3ab2f72314860d88

Patch

Vendor Advisory

https://phabricator.wikimedia.org/T321733

Patch

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2023-22945

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-22945

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-22945

EUVD