How severe is CVE-2023-22912?

CVE-2023-22912 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2023-22912

Name: mediawiki
Author: mediawiki

5.3MEDIUM

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-use

Опубликовано: 1/20/2023Обновлено: 4/3/2025

Описание

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.

ИИ-АнализНа базе ИИ

Затронутые продукты

mediawikimediawiki

1.39.0

mediawikimediawiki

1.39.0

mediawikimediawiki

1.39.0

Ссылки

https://phabricator.wikimedia.org/T315123
ExploitIssue TrackingPatchVendor Advisory
https://phabricator.wikimedia.org/T315123
ExploitIssue TrackingPatchVendor Advisory