CVE-2023-45372

MEDIUM

Wikibase extension <1.35.12, 1.36-1.39.5, 1.40-1.40.1 - Info Disclo...

Title source: llm

Description

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).

References (2)

[Issue Tracking, Vendor Advisory] https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264

[Issue Tracking, Permissions Required] https://phabricator.wikimedia.org/T345064

Scores

CVSS v3 5.3

EPSS 0.0013

EPSS Percentile 32.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-693

Status published

Affected Products (2)

mediawiki/mediawiki < 1.35.12

mediawiki/mediawiki

Timeline

Published Oct 09, 2023

Tracked Since Feb 18, 2026