CVE-2023-37301

MEDIUM

MediaWiki < 1.39.3 - Weak Encryption

Title source: rule

Description

An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.

Scores

CVSS v3 5.3
EPSS 0.0011
EPSS Percentile 29.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-326
Status published
Products (1)
mediawiki/mediawiki < 1.39.3
Published Jun 30, 2023
Tracked Since Feb 18, 2026