First published: Fri Nov 03 2023(Updated: )
An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/mediawiki | <=1:1.31.16-1+deb10u2<=1:1.35.11-1~deb11u1 | 1:1.31.16-1+deb10u7 1:1.35.13-1~deb11u1 1:1.39.5-1~deb12u1 1:1.39.5-1 |
MediaWiki MediaWiki | <1.35.12 | |
MediaWiki MediaWiki | >=1.36.0<1.39.5 | |
MediaWiki MediaWiki | =1.40.0 | |
MediaWiki MediaWiki | =1.40.0-rc0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-45362 is a vulnerability in MediaWiki that allows for information leakage.
The severity of CVE-2023-45362 is not specified.
CVE-2023-45362 affects MediaWiki versions before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.
To fix CVE-2023-45362, update MediaWiki to version 1.35.12, 1.39.5, or 1.40.1 or later.
More information about CVE-2023-45362 can be found at the following references: [Phabricator](https://phabricator.wikimedia.org/T341529) and [Debian Security Tracker](https://security-tracker.debian.org/tracker/CVE-2023-45362).