CVE-2023-45369

MEDIUM4.3EPSS 0.11%

Published: 3/6/2024Modified: 4/3/2025

Description

An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed.

Affected packages (1)

Bitnami/mediawikifrom 0, < 1.35.12, >= 1.36.0, < 1.39.5, >= 1.40.0, < 1.40.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (3)

WEBhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/960676
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2023-45369
WEBhttps://phabricator.wikimedia.org/T344359