Description

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.

Remediation

References

CVE-2023-29140

Related Vulnerabilities

Django Improper Input Validation Vulnerability (CVE-2023-31047)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1915)

WordPress Plugin Simple Photo Gallery Cross-Site Scripting (1.8.0)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Privilege Escalation (2.0.50)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-4382)

Severity

Medium

Classification

CVE-2023-29140 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities