// For flags

CVE-2023-45364

Debian Security Advisory 5520-1

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.

Se descubrió un problema en include/page/Article.php en MediaWiki 1.36.x hasta 1.39.x anteriores a 1.39.5 y 1.40.x anteriores a 1.40.1. La existencia de la revisión eliminada se filtra debido a que se verificaron permisos incorrectos. Esto revela que un ID de revisión determinado pertenecía al título de la página determinada y a su marca de tiempo, los cuales no se supone que sean información pública.

Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service or information disclosure.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-10-09 CVE Reserved
  • 2023-10-09 CVE Published
  • 2024-09-19 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (2)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://phabricator.wikimedia.org/T264765 2023-10-12
https://www.debian.org/security/2023/dsa-5520 2023-10-12
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mediawiki
Search vendor "Mediawiki"
 Mediawiki
Search vendor "Mediawiki" for product "Mediawiki"
 >= 1.36.0 < 1.39.5
Search vendor "Mediawiki" for product "Mediawiki" and version " >= 1.36.0 < 1.39.5"
-
Affected
Mediawiki
Search vendor "Mediawiki"
 Mediawiki
Search vendor "Mediawiki" for product "Mediawiki"
 1.40.0
Search vendor "Mediawiki" for product "Mediawiki" and version "1.40.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 11.0
Search vendor "Debian" for product "Debian Linux" and version "11.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 12.0
Search vendor "Debian" for product "Debian Linux" and version "12.0"
-
Affected