Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-45362

Опубликовано: 12 окт. 2023
Источник: redhat
EPSS Низкий

Описание

An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Container Platform 3.11mediawikiOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2247805mediawiki: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression

EPSS

Процентиль: 48%
0.0025
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-45362

CVSS3: 4.3
ubuntu
около 2 лет назад

An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.

nvd логотип

CVE-2023-45362

CVSS3: 4.3
nvd
около 2 лет назад

An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.

debian логотип

CVE-2023-45362

CVSS3: 4.3
debian
около 2 лет назад

An issue was discovered in DifferenceEngine.php in MediaWiki before 1. ...

github логотип

GHSA-vpqp-jxq3-5x89

CVSS3: 4.3
github
около 2 лет назад

An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.

fstec логотип

BDU:2024-02746

CVSS3: 4.3
fstec
около 2 лет назад

Уязвимость файла DifferenceEngine.php программного средства для реализации гипертекстовой среды MediaWiki, позволяющая нарушителю получить доступ к конфиденциальной информации

EPSS

Процентиль: 48%
0.0025
Низкий