VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-2nan-sz96-1fhq

Essentials
Severities (60)
References (22)
Severity details (32)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-2nan-sz96-1fhq
Aliases	CVE-2023-29141 GHSA-5vj8-g3qg-4qh6
Summary	X-Forwarded-For header allows brute-forcing autoblocked IP addresses An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-444	Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json
epss	0.00148	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00148	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-29141
cvssv3.1	9.8	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
generic_textual	CRITICAL	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
ssvc	Track*	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-5vj8-g3qg-4qh6
cvssv3.1	9.8	https://github.com/wikimedia/mediawiki
generic_textual	CRITICAL	https://github.com/wikimedia/mediawiki
cvssv3.1	9.8	https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html
generic_textual	CRITICAL	https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html
ssvc	Track*	https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html
cvssv3.1	9.8	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/
ssvc	Track*	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/
cvssv3.1	9.8	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/
ssvc	Track*	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/
cvssv3.1	9.8	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT
generic_textual	CRITICAL	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT
cvssv3.1	9.8	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7
generic_textual	CRITICAL	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2023-29141
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2023-29141
cvssv3.1	9.8	https://phabricator.wikimedia.org/T285159
generic_textual	CRITICAL	https://phabricator.wikimedia.org/T285159
ssvc	Track*	https://phabricator.wikimedia.org/T285159
cvssv3.1	9.8	https://www.debian.org/security/2023/dsa-5447
generic_textual	CRITICAL	https://www.debian.org/security/2023/dsa-5447
ssvc	Track*	https://www.debian.org/security/2023/dsa-5447
cvssv3.1	9.8	https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10
generic_textual	CRITICAL	https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10
cvssv3.1	9.8	https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6
generic_textual	CRITICAL	https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6
cvssv3.1	9.8	https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3
generic_textual	CRITICAL	https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-29141
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
		https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
		https://github.com/wikimedia/mediawiki
		https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7
		https://nvd.nist.gov/vuln/detail/CVE-2023-29141
		https://phabricator.wikimedia.org/T285159
		https://www.debian.org/security/2023/dsa-5447
		https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10
		https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6
		https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3
2183627		https://bugzilla.redhat.com/show_bug.cgi?id=2183627
cpe:2.3:a:mediawiki:mediawiki::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki::::::::
cpe:2.3:o:fedoraproject:fedora:37:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:::::::*
GHSA-5vj8-g3qg-4qh6		https://github.com/advisories/GHSA-5vj8-g3qg-4qh6
ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/
ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/ Found at https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/wikimedia/mediawiki

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-29141

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://phabricator.wikimedia.org/T285159

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/ Found at https://phabricator.wikimedia.org/T285159

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2023/dsa-5447

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/ Found at https://www.debian.org/security/2023/dsa-5447

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.36002
EPSS Score	0.00148
Published At	Aug. 16, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:43:58.642066+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-5vj8-g3qg-4qh6/GHSA-5vj8-g3qg-4qh6.json	37.0.0