CVE-2023-45371
First published: Mon Oct 09 2023(Updated: )
An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wikimedia MediaWiki | <1.35.12 | |
| Wikimedia MediaWiki | >=1.36.0<1.39.5 | |
| Wikimedia MediaWiki | =1.40.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-45371?
CVE-2023-45371 is an issue discovered in the Wikibase extension for MediaWiki before version 1.35.12, 1.36.x through 1.39.x before version 1.39.5, and 1.40.x before version 1.40.1.
What is the severity of CVE-2023-45371?
CVE-2023-45371 has a severity rating of 7.5, which is considered high.
What is the affected software for CVE-2023-45371?
The affected software for CVE-2023-45371 is MediaWiki before version 1.35.12, 1.36.x through 1.39.x before version 1.39.5, and 1.40.x before version 1.40.1.
Is there a rate limit for merging items in CVE-2023-45371?
No, there is no rate limit for merging items in CVE-2023-45371.
How can I fix CVE-2023-45371?
To fix CVE-2023-45371, you should update your MediaWiki installation to version 1.35.12, 1.39.5, or 1.40.1 depending on the affected version.
- agent/references
- agent/type
- agent/author
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/mediawiki
- canonical/wikimedia mediawiki
- version/wikimedia mediawiki/1.36.0
- version/wikimedia mediawiki/1.40.0