CVE-2023-37301
First published: Fri Jun 30 2023(Updated: )
An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MediaWiki MediaWiki | <=1.39.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-37301.
What is the affected software?
The affected software is MediaWiki versions up to and including 1.39.3.
What is the severity of CVE-2023-37301?
The severity of CVE-2023-37301 is medium with a CVSS score of 5.3.
What is the description of CVE-2023-37301?
CVE-2023-37301 is an issue discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3 where the intended interaction with AbuseFilter does not occur.
Is there a fix available for CVE-2023-37301?
Yes, the fix for CVE-2023-37301 can be found in the official MediaWiki extension repository.
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mediawiki
- canonical/mediawiki mediawiki
- version/mediawiki mediawiki/1.39.3