CVE-2023-45367

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 9, 2023
Updated: Oct 12, 2023

Summary

CVE-2023-45367 is a vulnerability in the CheckUser extension for MediaWiki versions prior to 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. An attacker can use a specific URL to store an unlimited number of rows, which can be used for a denial of service (DoS) attack. To remediate, update MediaWiki to version 1.35.12, 1.39.5, or 1.40.1, depending on the version branch installed, and review access controls for the CheckUser extension API to prevent misuse or unauthorized access attempts. The risk is a DoS attack that disrupts the availability of the organization's MediaWiki instance, potentially causing operational disruptions and degrading the user experience.
