CVE-2023-37300

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jun 30, 2023

Updated: Jul 6, 2023

Summary

CVE-2023-37300: MediaWiki's CheckUser extension, version 1.39.3 and below, contains a vulnerability in the CheckUserLog API. This issue results in incorrect access control, granting unauthorized users the ability to view hidden user information. This could potentially lead to privacy breaches or other malicious activities. It is advised that users upgrade to the latest version of the extension to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mediawiki

Affected Vendors

Mediawiki

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r1Qyi5
https://www.cve.org/CVERecord?id=CVE-2023-37300
https://nvd.nist.gov/vuln/detail/CVE-2023-37300

Back to Vulnerability Database