CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
EPSS
Percentile
69.4%
Mediawikwi reports:
(T264765, CVE-2023-PENDING) SECURITY: Users without correct permission
are incorrectly shown MediaWiki:Missing-revision-permission.
(T333050, CVE-2023-PENDING) SECURITY: Fix infinite loop for
self-redirects with variants conversion.
(T340217, CVE-2023-PENDING) SECURITY: Vector 2022: Numerous unescaped
messages leading to potential XSS.
(T340220, CVE-2023-PENDING) SECURITY: Vector 2022: vector-intro-page
message is assumed to yield a valid title.
(T340221, CVE-2023-PENDING) SECURITY: XSS via
‘youhavenewmessagesmanyusers’ and ‘youhavenewmessages’ messages.
(T341529, CVE-2023-PENDING) SECURITY: diff-multi-sameuser (“X
intermediate revisions by the same user not shown”) ignores username
suppression.
(T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted XML
file to Special:Upload (non-standard configuration).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | mediawiki135 | < 1.35.13 | UNKNOWN |
FreeBSD | any | noarch | mediawiki139 | < 1.39.5 | UNKNOWN |
FreeBSD | any | noarch | mediawiki140 | < 1.40.1 | UNKNOWN |