CVE-2023-45374

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*

History

21 Nov 2024, 08:26

Type Values Removed Values Added
References () https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/952552/ - Issue Tracking, Vendor Advisory () https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/952552/ - Issue Tracking, Vendor Advisory
References () https://phabricator.wikimedia.org/T345040 - Issue Tracking, Vendor Advisory () https://phabricator.wikimedia.org/T345040 - Issue Tracking, Vendor Advisory

19 Sep 2024, 18:35

Type Values Removed Values Added
CWE CWE-352

12 Oct 2023, 16:06

Type Values Removed Values Added
CWE NVD-CWE-noinfo
References (MISC) https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/952552/ - (MISC) https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/952552/ - Issue Tracking, Vendor Advisory
References (MISC) https://phabricator.wikimedia.org/T345040 - (MISC) https://phabricator.wikimedia.org/T345040 - Issue Tracking, Vendor Advisory
First Time Mediawiki
Mediawiki mediawiki
CPE cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3

09 Oct 2023, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-09 06:15

Updated : 2024-11-21 08:26


NVD link : CVE-2023-45374

Mitre link : CVE-2023-45374

CVE.ORG link : CVE-2023-45374


JSON object : View

Products Affected

mediawiki

  • mediawiki
CWE
NVD-CWE-noinfo CWE-352

Cross-Site Request Forgery (CSRF)