Description

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.

Remediation

References

CVE-2023-29140

Related Vulnerabilities

Joomla! Core 1.7.x Security Bypass (1.7.0 - 1.7.5)

MySQL CVE-2022-21479 Vulnerability (CVE-2022-21479)

WordPress Plugin My Calendar Multiple Cross-Site Scripting Vulnerabilities (1.10.1)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-0145)

MySQL CVE-2018-2813 Vulnerability (CVE-2018-2813)

Severity

Medium

Classification

CVE-2023-29140 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities