vulnerability
MediaWiki: Unspecified Security Vulnerability (CVE-2023-3550)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:S/C:C/I:C/A:N) | Sep 25, 2023 | Sep 28, 2023 | Feb 20, 2025 |
Severity
8
CVSS
(AV:N/AC:M/Au:S/C:C/I:C/A:N)
Published
Sep 25, 2023
Added
Sep 28, 2023
Modified
Feb 20, 2025
Description
Mediawiki v1.40.0 does not validate namespaces used in XML files.
Therefore, if the instance administrator allows XML file uploads,
a remote attacker with a low-privileged user account can use this
exploit to become an administrator by sending a malicious link to
the instance administrator.
Solution
mediawiki-upgrade-latest
References
- CVE-2023-3550
- https://attackerkb.com/topics/CVE-2023-3550
- URL-https://fluidattacks.com/advisories/blondie/
- URL-https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html
- URL-https://lists.fedoraproject.org/archives/list/[email protected]/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
- URL-https://www.debian.org/security/2023/dsa-5520
- URL-https://www.mediawiki.org/wiki/MediaWiki/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.