First published: Fri Jun 30 2023(Updated: )
An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MediaWiki MediaWiki | <=1.39.3 | |
<=1.39.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2023-37301.
The affected software is MediaWiki versions up to and including 1.39.3.
The severity of CVE-2023-37301 is medium with a CVSS score of 5.3.
CVE-2023-37301 is an issue discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3 where the intended interaction with AbuseFilter does not occur.
Yes, the fix for CVE-2023-37301 can be found in the official MediaWiki extension repository.