How severe is CVE-2023-22912?

CVE-2023-22912 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2023-22912

Name: mediawiki
Author: mediawiki

5.3MEDIUM

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-use

Published: 1/20/2023Updated: 4/3/2025

Description

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.

AI AnalysisPowered by AI

Affected Products

mediawikimediawiki

1.39.0

mediawikimediawiki

1.39.0

mediawikimediawiki

1.39.0

References

https://phabricator.wikimedia.org/T315123
ExploitIssue TrackingPatchVendor Advisory
https://phabricator.wikimedia.org/T315123
ExploitIssue TrackingPatchVendor Advisory