Detections
Analytics

CVE-2023-45372

medium

Description

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).

References

https://phabricator.wikimedia.org/T345064

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264

Details

Source: Mitre, NVD

Published: 2023-10-09

Updated: 2023-10-12

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium