Lucene search

PRIOn knowledge basePRION:CVE-2023-45364

HistoryOct 09, 2023 - 5:15 a.m.

Information disclosure

2023-10-0905:15:00

PRIOn knowledge base

www.prio-n.com

information disclosure

deleted revision

incorrect permissions

mediawiki

nvd

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.

CPENameOperatorVersion
debian_linuxeq11.0
debian_linuxeq12.0
mediawikieq1.40.0
mediawikige1.36.0
mediawikilt1.39.5

Name	Operator	Version
debian_linux	eq	11.0
debian_linux	eq	12.0
mediawiki	eq	1.40.0
mediawiki	ge	1.36.0
mediawiki	lt	1.39.5

References

phabricator.wikimedia.org/T264765

www.debian.org/security/2023/dsa-5520