← Back

CVE-2023-45372

nvd nist
Published: Oct 9, 2023Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).

Affected (3)

Products: Mediawiki: Mediawiki
Mediawiki
1 product
Mediawiki
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Mediawiki
Mediawiki
Before 1.35.12
Mediawiki
From 1.36.0 to 1.39.5
Mediawiki
Version 1.40.0

Related CWEs

CWE-693
Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References (4)

Source: cve@mitre.org
Issue TrackingVendor Advisory
Source: cve@mitre.org
Issue TrackingPermissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPermissions Required

Timeline

No history available yet.