CVE-2023-37303

Published: Jun 30, 2023Modified: Nov 27, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message.

Affected (1)

Products: Mediawiki: Mediawiki

Mediawiki

1 product

Mediawiki

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mediawiki Mediawiki	Up to 1.39.3

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (4)

https://gerrit.wikimedia.org/r/q/I10a9273c542576b3f7bb38de68dcd2aa41cfb1b0

Source: cve@mitre.org

Vendor Advisory

https://phabricator.wikimedia.org/T338276

Source: cve@mitre.org

ExploitIssue TrackingPatchVendor Advisory

https://gerrit.wikimedia.org/r/q/I10a9273c542576b3f7bb38de68dcd2aa41cfb1b0

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://phabricator.wikimedia.org/T338276

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchVendor Advisory

Timeline

No history available yet.