Incorrect Access Control for Visibility of Hidden Users in CheckUserLog API

Incorrect Access Control for Visibility of Hidden Users in CheckUserLog API

CVE-2023-37300 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.

Learn more about our Api Penetration Testing.