CVE-2023-22945

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-22945

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22945.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-22945

Aliases

BIT-mediawiki-2023-22945

Published

2023-01-11T01:15:10.377Z

Modified

2026-04-02T08:47:44.308354Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.

References

Affected packages

Git / github.com/wikimedia/mediawiki

Affected ranges

Type

GIT

Repo

https://github.com/wikimedia/mediawiki

Events

Introduced

Last affected

c95fc4786beba034fa643062b98a60ccbde831fd

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.39.0"
        }
    ]
}

Affected versions

1.*

1.1.0

1.10.0

1.10.0rc1

1.10.0rc2

1.10.1

1.10.2

1.10.3

1.10.4

1.11.0

1.11.0rc1

1.11.1

1.11.2

1.12.0

1.12.0rc1

1.12.1

1.12.2

1.12.3

1.12.4

1.13.0

1.13.0rc1

1.13.0rc2

1.13.1

1.13.2

1.13.3

1.13.4

1.13.5

1.14.0

1.14.0rc1

1.14.1

1.15.0

1.15.0rc1

1.15.1

1.15.2

1.15.3

1.15.4

1.15.5

1.16.0

1.16.0beta1

1.16.0beta2

1.16.0beta3

1.16.1

1.16.2

1.16.3

1.16.4

1.16.5

1.17.0

1.17.0beta1

1.17.0rc1

1.17.1

1.17.2

1.17.3

1.17.4

1.17.5

1.18.0

1.18.0beta1

1.18.0rc1

1.18.1

1.18.2

1.18.3

1.18.4

1.18.5

1.18.6

1.19.0

1.19.0beta1

1.19.0beta2

1.19.0rc1

1.19.1

1.19.10

1.19.11

1.19.12

1.19.13

1.19.14

1.19.15

1.19.16

1.19.17

1.19.18

1.19.19

1.19.2

1.19.20

1.19.21

1.19.22

1.19.23

1.19.24

1.19.3

1.19.4

1.19.5

1.19.6

1.19.7

1.19.8

1.19.9

1.2.0

1.2.0rc1

1.2.0rc2

1.2.0rc3

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.20.0

1.20.0rc1

1.20.0rc2

1.20.1

1.20.2

1.20.3

1.20.4

1.20.5

1.20.6

1.20.7

1.20.8

1.21.0

1.21.1

1.21.10

1.21.11

1.21.2

1.21.3

1.21.4

1.21.5

1.21.6

1.21.7

1.21.8

1.21.9

1.22.0

1.22.0rc-FINAL

1.22.0rc0

1.22.0rc1

1.22.0rc2

1.22.0rc3

1.22.1

1.22.10

1.22.11

1.22.12

1.22.13

1.22.14

1.22.15

1.22.2

1.22.3

1.22.4

1.22.5

1.22.6

1.22.7

1.22.8

1.22.9

1.23.0

1.23.0-rc.1

1.23.0-rc.2

1.23.0-rc.3

1.23.0rc0

1.23.1

1.23.10

1.23.11

1.23.12

1.23.13

1.23.14

1.23.15

1.23.16

1.23.17

1.23.2

1.23.3

1.23.4

1.23.5

1.23.6

1.23.7

1.23.8

1.23.9

1.24.0

1.24.0-rc.0

1.24.0-rc.1

1.24.0-rc.2

1.24.0-rc.3

1.24.1

1.24.2

1.24.3

1.24.4

1.24.5

1.24.6

1.25.0

1.25.0-rc.0

1.25.1

1.25.2

1.25.3

1.25.4

1.25.5

1.25.6

1.26.0

1.26.1

1.26.2

1.26.3

1.26.4

1.27.0

1.27.0-rc.0

1.27.0-rc.1

1.27.1

1.27.2

1.27.3

1.27.4

1.27.5

1.27.6

1.27.7

1.28.0

1.28.0-rc.0

1.28.0-rc.1

1.28.1

1.28.2

1.28.3

1.29.0

1.29.0-rc.0

1.29.0-rc.1

1.29.1

1.29.2

1.29.3

1.3.0

1.3.0beta1

1.3.0beta2

1.3.0beta3

1.3.0beta4

1.3.0beta4a

1.3.0beta5

1.3.0beta6

1.3.1

1.3.10

1.3.11

1.3.12

1.3.13

1.3.14

1.3.15

1.3.16

1.3.17

1.3.18

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.30.0

1.30.0-rc.0

1.30.1

1.30.2

1.31.0

1.31.0-rc.0

1.31.0-rc.1

1.31.0-rc.2

1.31.1

1.31.10

1.31.11

1.31.12

1.31.13

1.31.14

1.31.15

1.31.16

1.31.2

1.31.3

1.31.4

1.31.5

1.31.6

1.31.7

1.31.8

1.31.9

1.31.9-2

1.32.0

1.32.0-rc.0

1.32.0-rc.1

1.32.0-rc.2

1.32.1

1.32.2

1.32.3

1.32.4

1.32.5

1.32.6

1.33.0

1.33.0-rc.0

1.33.1

1.33.2

1.33.3

1.33.4

1.34.0

1.34.0-rc.0

1.34.0-rc.1

1.34.1

1.34.2

1.34.3

1.34.4

1.35.0

1.35.0-rc.0

1.35.0-rc.1

1.35.0-rc.2

1.35.0-rc.3

1.35.1

1.35.10

1.35.11

1.35.12

1.35.13

1.35.14

1.35.2

1.35.3

1.35.4

1.35.5

1.35.6

1.35.7

1.35.8

1.35.9

1.36.0

1.36.0-rc.0

1.36.1

1.36.2

1.36.3

1.36.4

1.37.0

1.37.0-rc.0

1.37.0-rc.1

1.37.0-rc.2

1.37.1

1.37.2

1.37.3

1.37.4

1.37.5

1.37.6

1.38.0

1.38.0-rc.0

1.38.0-rc.1

1.38.1

1.38.2

1.38.3

1.38.4

1.38.5

1.38.6

1.38.7

1.39.0

1.39.0-rc.0

1.39.0-rc.1

1.4.0

1.4.0beta

1.4.0beta1

1.4.0beta2

1.4.0beta4

1.4.0beta5

1.4.0beta6

1.4.0rc1

1.4.1

1.4.10

1.4.11

1.4.12

1.4.13

1.4.14

1.4.15

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.40.0

1.40.0-rc.0

1.40.1

1.40.2

1.40.3

1.40.4

1.41.0

1.41.0-rc.0

1.41.1

1.41.2

1.41.3

1.41.4

1.41.5

1.42.0

1.42.0-rc.0

1.42.1

1.42.2

1.42.3

1.42.4

1.42.5

1.42.6

1.42.7

1.43.0

1.43.0-rc.0

1.43.1

1.43.2

1.43.3

1.43.4

1.43.5

1.43.6

1.43.7

1.43.8

1.44.0

1.44.0-rc.0

1.44.1

1.44.2

1.44.3

1.44.4

1.44.5

1.45.0

1.45.0-rc.0

1.45.1

1.45.2

1.45.3

1.5.0

1.5.0alpha1

1.5.0alpha2

1.5.0beta1

1.5.0beta2

1.5.0beta3

1.5.0beta4

1.5.0rc1

1.5.0rc2

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.6.0

1.6.1

1.6.10

1.6.11

1.6.12

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.7.0

1.7.1

1.7.2

1.7.3

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

1.9.0

1.9.0rc1

1.9.0rc2

1.9.1

1.9.2

1.9.3

1.9.4

1.9.5

Other

REL1_23

REL1_25

REL1_26

REL1_27

REL1_28

REL1_29

REL1_30

REL1_31

REL1_32

REL1_33

REL1_34

REL1_35

REL1_36

REL1_37

REL1_38

fundraising/REL1_27

fundraising/REL1_31

fundraising/REL1_35

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22945.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "37"
            }
        ]
    }
]