Description

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.

Remediation

References

CVE-2023-22945

Related Vulnerabilities

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)

WordPress Plugin Jigoshop Unspecified Vulnerability (1.10.5)

WordPress Plugin Keep Backup Daily Unspecified Vulnerability (2.0.3)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8393)

WordPress Plugin Recipe Card Blocks for Gutenberg & Elementor Cross-Site Scripting (2.8.2)

Severity

Medium

Classification

CVE-2023-22945 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities