Lucene search
MitreCVE-2023-22945HistoryJan 11, 2023 - 1:15 a.m.
CVE-2023-22945
2023-01-1101:15:10
CWE-863
mitre
web.nvd.nist.gov
40
cve
2023
22945
mediawiki
growthexperiments
extension
vulnerability
api
blocked users
mentorship
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.5
Confidence
High
EPSS
0.001
Percentile
28.7%
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.
Affected configurations
Node
mediawikimediawikiRange≤1.39.0
Node
fedoraprojectfedoraMatch37
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mediawiki | mediawiki | * | cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:* |
| fedoraproject | fedora | 37 | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
Related
redhatcve
redhatcve
CVE-2023-22945
2023-01-16 09:06:29
osv
osv
BIT-mediawiki-2023-22945
2024-03-06 11:02:34
CVE-2023-22945
2023-01-11 01:15:10
nvd
nvd
CVE-2023-22945
2023-01-11 01:15:10
cnvd
cnvd
MediaWiki authorization error vulnerability (CNVD-2023-29701)
2023-04-14 00:00:00
cvelist
cvelist
CVE-2023-22945
2023-01-11 00:00:00
prion
prion
Sql injection
2023-01-11 01:15:00
nessus
nessus
Fedora 37 : mediawiki (2023-30a7a812f0)
2023-01-27 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: mediawiki-1.38.5-1.fc37
2023-01-27 08:58:39
openvas
openvas
Fedora: Security Advisory for mediawiki (FEDORA-2023-30a7a812f0)
2023-01-29 00:00:00
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.5
Confidence
High
EPSS
0.001
Percentile
28.7%
Related for CVE-2023-22945