CVE-2023-45372
First published: Mon Oct 09 2023(Updated: )
An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MediaWiki | <1.35.12 | |
| MediaWiki | >=1.36.0<1.39.5 | |
| MediaWiki | =1.40.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-45372?
CVE-2023-45372 is an issue discovered in the Wikibase extension for MediaWiki before version 1.35.12, 1.36.x through 1.39.x before version 1.39.5, and 1.40.x before version 1.40.1.
What is the severity of CVE-2023-45372?
The severity of CVE-2023-45372 is medium with a CVSS score of 5.3.
How does CVE-2023-45372 affect MediaWiki?
CVE-2023-45372 affects the Wikibase extension for MediaWiki versions before 1.35.12, 1.36.x through 1.39.x before version 1.39.5, and 1.40.x before version 1.40.1.
What is the impact of CVE-2023-45372?
CVE-2023-45372 allows an attacker to bypass the edit filter during item merging in the Wikibase extension of MediaWiki.
How can I fix CVE-2023-45372?
To fix CVE-2023-45372, update MediaWiki to version 1.35.12, 1.39.5, or 1.40.1 depending on your installed version.
- agent/references
- agent/type
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/weakness
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- vendor/mediawiki
- canonical/mediawiki
- version/mediawiki/1.36.0
- version/mediawiki/1.40.0