Description

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.

Remediation

References

CVE-2023-29140

Related Vulnerabilities

WordPress Plugin Digital Publications by Supsystic Multiple Vulnerabilities (1.6.9)

WordPress Plugin Personalized WooCommerce Cart Page Cross-Site Request Forgery (2.4)

WordPress Plugin Web Forms for Vtiger wordpress Lead capture and Contacts Sync Unspecified Vulnerability (1.0.0)

Joomla Improper Input Validation Vulnerability (CVE-2020-11890)

Sqlite Improper Validation of Array Index Vulnerability (CVE-2022-35737)

Severity

Medium

Classification

CVE-2023-29140 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities