Unauthenticated Access to Hidden User Edits in GrowthExperiments Extension

Unauthenticated Access to Hidden User Edits in GrowthExperiments Extension

CVE-2023-29140 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.

Learn more about our User Device Pen Test.