Use of Less Trusted Source

CVE-2023-29141

High

9.8/10

Summary

An issue was discovered in MediaWiki package versions through 1.35.9, 1.36.0-rc.0 through 1.38.5, and 1.39.0-rc.0 through 1.39.2. An auto-block can occur for an untrusted X-Forwarded-For header.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-348 - Use of Less Trusted Source

The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.

References

Issue
Advisory
Release Note

Advisory Timeline

Published Mar 31, 2023

Use of Less Trusted Source

CVE-2023-29141

Summary

CWE-348 - Use of Less Trusted Source

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS