CVE-2023-45372

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Oct 9, 2023

Updated: Oct 12, 2023

Summary

CVE-2023-45372: A vulnerability was found in the Wikibase extension of MediaWiki versions before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, the ItemMergeInteractor fails to run edit filters, such as AbuseFilter, potentially enabling malicious edits. This issue could lead to unintended changes to Wikimedia project data.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mediawiki

Affected Vendors

Mediawiki

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s8FvH-
https://www.cve.org/CVERecord?id=CVE-2023-45372
https://nvd.nist.gov/vuln/detail/CVE-2023-45372

Back to Vulnerability Database