What is the severity of CVE-2023-45364?

The severity of CVE-2023-45364 is medium.

How is CVE-2023-45364 exploited?

CVE-2023-45364 can be exploited by leaking deleted revision existence due to incorrect permissions being checked.

Which versions of MediaWiki are affected by CVE-2023-45364?

MediaWiki versions 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1 are affected by CVE-2023-45364.

How can I fix CVE-2023-45364?

To fix CVE-2023-45364, update to MediaWiki version 1.39.5 or 1.40.1.

Where can I find more information about CVE-2023-45364?

You can find more information about CVE-2023-45364 at the following references: [Phabricator](https://phabricator.wikimedia.org/T264765), [Debian Security Advisory](https://www.debian.org/security/2023/dsa-5520), [Debian Security Tracker](https://security-tracker.debian.org/tracker/CVE-2023-45364).

Vulnerability/
CVE-2023-45364

medium

5.3

CWE

732

9/10/2023

12/10/2023

CVE-2023-45364

First published: Mon Oct 09 2023(Updated: )

An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
debian/mediawiki		1:1.31.16-1+deb10u2 1:1.31.16-1+deb10u7 1:1.35.11-1~deb11u1 1:1.35.13-1~deb11u1 1:1.39.5-1~deb12u1 1:1.39.5-1
MediaWiki MediaWiki	>=1.36.0<1.39.5
MediaWiki MediaWiki	=1.40.0
Debian Debian Linux	=11.0
Debian Debian Linux	=12.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-45364?
The severity of CVE-2023-45364 is medium.
How is CVE-2023-45364 exploited?
CVE-2023-45364 can be exploited by leaking deleted revision existence due to incorrect permissions being checked.
Which versions of MediaWiki are affected by CVE-2023-45364?
MediaWiki versions 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1 are affected by CVE-2023-45364.
How can I fix CVE-2023-45364?
To fix CVE-2023-45364, update to MediaWiki version 1.39.5 or 1.40.1.
Where can I find more information about CVE-2023-45364?
You can find more information about CVE-2023-45364 at the following references: [Phabricator](https://phabricator.wikimedia.org/T264765), [Debian Security Advisory](https://www.debian.org/security/2023/dsa-5520), [Debian Security Tracker](https://security-tracker.debian.org/tracker/CVE-2023-45364).

collector/security-tracker-debian
agent/weakness
agent/type
agent/event
agent/severity
agent/references
agent/author
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
package-manager/debian
vendor/mediawiki
canonical/mediawiki mediawiki
version/mediawiki mediawiki/1.36.0
version/mediawiki mediawiki/1.40.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/11.0
version/debian debian linux/12.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.