Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-29140
CVE-2023-29140:
NixOS vulnerability analysis and mitigation
Overview
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted (NVD).
Technical details
The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The issue stems from improper access control (CWE-284) where the system fails to verify rev_deleted status before displaying username information (NVD).
Impact
The vulnerability allows unauthorized access to hidden usernames in edit histories. This represents a privacy breach as it exposes information that was intentionally suppressed or hidden from public view (NVD).
Mitigation and workarounds
The issue affects MediaWiki through version 1.39.3. Users should upgrade to a patched version of the GrowthExperiments extension (NVD).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management