Vulnerability Description
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Mediawiki | <= 1.39.0 |
| Fedoraproject | Fedora | 37 |
References
- https://gerrit.wikimedia.org/r/q/Id1b83fcd58eccb8b2dfea44a3ab2f72314860d88 (Patch, Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://phabricator.wikimedia.org/T321733 (Issue Tracking, Patch, Vendor Advisory)
FAQ
What is CVE-2023-22945?
CVE-2023-22945 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship...
How severe is CVE-2023-22945?
CVE-2023-22945 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-22945?
Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mediawiki, Fedoraproject Fedora.