An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.
References
Link | Resource |
---|---|
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933663 | Release Notes Vendor Advisory |
https://phabricator.wikimedia.org/T250720 | Exploit Issue Tracking Vendor Advisory |
Configurations
History
07 Jul 2023, 18:26
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
First Time |
Mediawiki mediawiki
Mediawiki |
|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:* | |
References | (MISC) https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933663 - Release Notes, Vendor Advisory | |
References | (MISC) https://phabricator.wikimedia.org/T250720 - Exploit, Issue Tracking, Vendor Advisory |
30 Jun 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-30 17:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-37301
Mitre link : CVE-2023-37301
CVE.ORG link : CVE-2023-37301
JSON object : View
Products Affected
mediawiki
- mediawiki
CWE