Lucene search
Redhat.comRH:CVE-2023-22945HistoryJan 16, 2023 - 9:06 a.m.
CVE-2023-22945
2023-01-1609:06:29
redhat.com
access.redhat.com
23
growthexperiments
mediawiki
api
access control
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
28.7%
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.
Related
cve
cve
CVE-2023-22945
2023-01-11 01:15:10
osv
osv
BIT-mediawiki-2023-22945
2024-03-06 11:02:34
CVE-2023-22945
2023-01-11 01:15:10
nvd
nvd
CVE-2023-22945
2023-01-11 01:15:10
cnvd
cnvd
MediaWiki authorization error vulnerability (CNVD-2023-29701)
2023-04-14 00:00:00
cvelist
cvelist
CVE-2023-22945
2023-01-11 00:00:00
prion
prion
Sql injection
2023-01-11 01:15:00
fedora
fedora
[SECURITY] Fedora 37 Update: mediawiki-1.38.5-1.fc37
2023-01-27 08:58:39
openvas
openvas
Fedora: Security Advisory for mediawiki (FEDORA-2023-30a7a812f0)
2023-01-29 00:00:00
nessus
nessus
Fedora 37 : mediawiki (2023-30a7a812f0)
2023-01-27 00:00:00
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
28.7%
Related for RH:CVE-2023-22945