CVE-2023-37301

Published: Jun 30, 2023Modified: Nov 27, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.

Affected (1)

Products: Mediawiki: Mediawiki

Mediawiki

1 product

Mediawiki

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mediawiki Mediawiki	Up to 1.39.3

Related CWEs

CWE-326

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (4)

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933663

Source: cve@mitre.org

Release NotesVendor Advisory

https://phabricator.wikimedia.org/T250720

Source: cve@mitre.org

ExploitIssue TrackingVendor Advisory

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933663

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://phabricator.wikimedia.org/T250720

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

Timeline

No history available yet.