CVE-2023-37305
First published: Fri Jun 30 2023(Updated: )
An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MediaWiki MediaWiki | <=1.39.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-37305.
What is the severity level of CVE-2023-37305?
The severity level of CVE-2023-37305 is medium with a score of 5.3.
Which software versions are affected by CVE-2023-37305?
CVE-2023-37305 affects Mediawiki versions up to and including 1.39.3.
What is the issue with the ProofreadPage extension in Mediawiki?
The issue in the ProofreadPage extension allows hidden users to be exposed via public interfaces.
Is there a fix available for CVE-2023-37305?
Please refer to the references provided for information on available fixes or patches for CVE-2023-37305.
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mediawiki
- canonical/mediawiki mediawiki
- version/mediawiki mediawiki/1.39.3