Description

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.

Remediation

References

CVE-2023-29140

Related Vulnerabilities

Grafana Missing Authorization Vulnerability (CVE-2023-2183)

Ruby Cryptographic Issues Vulnerability (CVE-2013-4363)

Oracle HTTP Server Other Vulnerability (CVE-2002-0656)

WordPress Plugin Discount Rules for WooCommerce Multiple Vulnerabilities (2.0.2)

Apache Tomcat Numeric Errors Vulnerability (CVE-2014-0099)

Severity

Medium

Classification

CVE-2023-29140 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities