An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.
History

Wed, 27 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-863
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-06-30T00:00:00

Updated: 2024-11-27T18:54:20.196Z

Reserved: 2023-06-30T00:00:00

Link: CVE-2023-37300

cve-icon Vulnrichment

Updated: 2024-08-02T17:09:34.069Z

cve-icon NVD

Status : Modified

Published: 2023-06-30T17:15:09.477

Modified: 2024-11-27T19:15:31.773

Link: CVE-2023-37300

cve-icon Redhat

No data.