First published: Fri Jun 30 2023(Updated: )
An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MediaWiki MediaWiki | <=1.39.3 | |
<=1.39.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2023-37305.
The severity level of CVE-2023-37305 is medium with a score of 5.3.
CVE-2023-37305 affects Mediawiki versions up to and including 1.39.3.
The issue in the ProofreadPage extension allows hidden users to be exposed via public interfaces.
Please refer to the references provided for information on available fixes or patches for CVE-2023-37305.