CVE-2023-45367

MEDIUM

MediaWiki CheckUser Extension DoS via cu_useragent_clienthints Table Flooding

Title source: llm
STIX 2.1

Description

An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragent_clienthints, leading to a denial of service.

References (1)

Core 1
Core References
Exploit, Issue Tracking, Vendor Advisory
https://phabricator.wikimedia.org/T344923

Scores

CVSS v3 6.5
EPSS 0.0014
EPSS Percentile 33.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (2)
mediawiki/mediawiki 1.40.0
mediawiki/mediawiki < 1.35.12
Published Oct 09, 2023
Tracked Since Feb 18, 2026