CVE-2023-45367

Summary

CVE-2023-45367 is a vulnerability affecting the CheckUser extension in MediaWiki versions before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. This issue allows a user to store an excessive number of rows in the cu_useragent_clienthints table through a rest.php/checkuser/v0/useragent-clienthints/revision/ URL. The result is a denial of service for the affected MediaWiki instance. By exploiting this vulnerability, an attacker can cause the database to become overwhelmed, leading to a degraded user experience or even a complete system crash. This issue underscores the importance of keeping MediaWiki installations up to date to protect against known vulnerabilities.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.