First published: Fri Jun 30 2023(Updated: )
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MediaWiki MediaWiki | <=1.39.3 | |
<=1.39.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this issue is CVE-2023-37300.
The affected software is MediaWiki.
MediaWiki version 1.39.3 is affected.
The severity of this vulnerability is medium (5.3).
The issue is incorrect access control for visibility of hidden users.