Search for vulnerabilities
Vulnerability details: VCID-d62n-qcdg-aaaf
Vulnerability ID VCID-d62n-qcdg-aaaf
Aliases CVE-2023-45364
Summary An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.
Status Published
Exploitability 0.5
Weighted Severity 4.8
Risk 2.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-732 Incorrect Permission Assignment for Critical Resource
System Score Found at
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
epss 0.00225 https://api.first.org/data/v1/epss?cve=CVE-2023-45364
cvssv3 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-45364
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-45364
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-45364
https://phabricator.wikimedia.org/T264765
https://www.debian.org/security/2023/dsa-5520
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
CVE-2023-45364 https://nvd.nist.gov/vuln/detail/CVE-2023-45364
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-45364
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-45364
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.24565
EPSS Score 0.00056
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.