CVE-2023-45362 | THREATINT

Description

An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.

PUBLISHED Reserved 2023-10-09 | Published 2023-11-03 | Updated 2024-08-02 | Assigner mitre

References

phabricator.wikimedia.org/T341529

lists.debian.org/debian-lts-announce/2023/11/msg00027.html ([debian-lts-announce] 20231128 [SECURITY] [DLA 3671-1] mediawiki security update) mailing-list

lists.fedoraproject.org/...FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/ (FEDORA-2024-2c564b942d) vendor-advisory

cve.org (CVE-2023-45362)

nvd.nist.gov (CVE-2023-45362)

Download JSON