CVE-2023-29140
5.3
MEDIUM
CVSS 3.1
EPSS 0.14%
Description
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.
How to fix CVE-2023-29140
To remediate CVE-2023-29140, upgrade the affected package to a fixed version listed below.
- Bitnami/mediawiki—upgrade to 1.39.4 or later
Is CVE-2023-29140 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.39.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |