CVE-2023-37300

Exploit

EPSS 0.15%
Published 30.06.2023 17:15:09
Last modified 27.11.2024 19:15:31
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Mediawiki ≫ Mediawiki Version <= 1.39.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.364

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://gerrit.wikimedia.org/r/q/I993fdcae1fedb7dd543b35a477026bc727615b0a

Vendor Advisory

https://phabricator.wikimedia.org/T330968

Patch

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-37300

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-37300

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-37300

EUVD