How severe is CVE-2023-22912?

CVE-2023-22912 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2023-22912

Name: mediawiki
Author: mediawiki

5.3MEDIUM

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-use

Publicado: 1/20/2023Atualizado: 4/3/2025

Descrição

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.

Análise IADesenvolvido por IA

Produtos Afetados

mediawikimediawiki

1.39.0

mediawikimediawiki

1.39.0

mediawikimediawiki

1.39.0

Referências

https://phabricator.wikimedia.org/T315123
ExploitIssue TrackingPatchVendor Advisory
https://phabricator.wikimedia.org/T315123
ExploitIssue TrackingPatchVendor Advisory