CVE-2023-29140

Medium

5.3/10

Summary

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

References

Advisory Timeline

Published Mar 31, 2023

CVE-2023-29140

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS