CVE-2023-29140

Published: Mar 31, 2023Modified: Feb 18, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.

Affected (1)

Products: Mediawiki: Mediawiki

Mediawiki

1 product

Mediawiki

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mediawiki Mediawiki	Up to 1.39.3

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://phabricator.wikimedia.org/T327613

Source: cve@mitre.org

Issue TrackingPatch

https://phabricator.wikimedia.org/T327613

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

Timeline

No history available yet.