Description

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.

Remediation

References

CVE-2023-37300

Related Vulnerabilities

Oracle Database Server CVE-2011-0870 Vulnerability (CVE-2011-0870)

WordPress Plugin GD Star Rating 'wpfn' Parameter Cross-Site Scripting (1.9.8)

WordPress Plugin Social Media Flying Icons-Floating Social Media Icon Cross-Site Scripting (2.1)

MySQL CVE-2017-3463 Vulnerability (CVE-2017-3463)

WordPress Plugin SrbTransLatin Multiple Vulnerabilities (1.46)

Severity

Medium

Classification

CVE-2023-37300 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities