CVE-2023-37301

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-37301

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37301.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-37301

Aliases

BIT-mediawiki-2023-37301

Related

UBUNTU-CVE-2023-37301

Published

2023-06-30T17:15:09Z

Modified

2025-01-14T11:55:16.429008Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.

References

Affected packages

Git / github.com/wikimedia/mediawiki

Affected ranges

Type: GIT
Repo: https://github.com/wikimedia/mediawiki
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2fdadd4096268cebab8fbc2f245dd441e2f05536

Affected versions

1.*

1.1.0

1.3.0beta1

1.39.0

1.39.0-rc.0

1.39.0-rc.1

1.39.1

1.39.2

1.39.3

1.5.0alpha1

1.5.0alpha2

1.5.0beta1

1.5.0beta2

1.5.0beta3

1.5.0beta4

1.6.0