Search for vulnerabilities
Vulnerability details: VCID-at1z-tdh1-aaan
Vulnerability ID VCID-at1z-tdh1-aaan
Aliases CVE-2023-45362
Summary An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.
Status Published
Exploitability 0.5
Weighted Severity 3.9
Risk 1.9
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
epss 0.00593 https://api.first.org/data/v1/epss?cve=CVE-2023-45362
cvssv3 4.3 https://nvd.nist.gov/vuln/detail/CVE-2023-45362
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2023-45362
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45362.json
https://api.first.org/data/v1/epss?cve=CVE-2023-45362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
https://phabricator.wikimedia.org/T341529
2247805 https://bugzilla.redhat.com/show_bug.cgi?id=2247805
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.40.0:rc0:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.40.0:rc0:*:*:*:*:*:*
CVE-2023-45362 https://nvd.nist.gov/vuln/detail/CVE-2023-45362
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-45362
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-45362
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.25154
EPSS Score 0.00058
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.