CVE-2023-45371

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to perform unlimited item merging operations in Wikibase, potentially disrupting data integrity and availability. It affects MediaWiki installations with the Wikibase extension running vulnerable versions. Any user with item merging permissions can exploit this lack of rate limiting.

💻 Affected Systems

Products:
  • MediaWiki with Wikibase extension
Versions: MediaWiki <1.35.12, 1.36.x-1.39.x <1.39.5, 1.40.x <1.40.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with Wikibase extension enabled and where users have item merging permissions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious actors could merge all items in the database, causing permanent data loss, service disruption, and requiring complete restoration from backups.

🟠

Likely Case

Attackers could merge significant numbers of items, creating data inconsistencies, broken links, and requiring manual cleanup operations.

🟢

If Mitigated

With proper rate limiting controls, impact would be limited to occasional legitimate merging operations with minimal disruption.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated account that holds item merging permissions. A simple script can automate the merging operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MediaWiki 1.35.12, 1.39.5, 1.40.1 or later

Vendor Advisory: https://phabricator.wikimedia.org/T345064

Restart Required: No

Instructions:

1. Update MediaWiki to a patched version.
2. Update the Wikibase extension.
3. Clear caches if applicable.

🔧 Temporary Workarounds

Implement custom rate limiting (applies to: all)

Add rate limiting for item merging operations via MediaWiki configuration or extension hooks. Configure $wgRateLimits in LocalSettings.php with appropriate limits for the 'mergeitem' action.

Restrict merging permissions (applies to: all)

Temporarily remove item merging permissions from non-essential users by modifying user group permissions to remove the 'item-merge' right.

🧯 If You Can't Patch

  • Implement strict monitoring of item merging operations and alert on unusual patterns
  • Reduce number of users with item merging permissions to absolute minimum

🔍 How to Verify

Check if Vulnerable:

Check MediaWiki version and Wikibase extension version against affected ranges

Check Version:

Check the MediaWiki version in includes/DefaultSettings.php or on the Special:Version page

Verify Fix Applied:

Verify that the MediaWiki version is 1.35.12+, 1.39.5+, or 1.40.1+, and confirm that repeated item merges are rate limited

📡 Detection & Monitoring

Log Indicators:

  • High frequency of 'mergeitem' actions in MediaWiki logs
  • Multiple item merges from single user in short timeframe

Network Indicators:

  • Unusual API call patterns to item merging endpoints

SIEM Query:

source="mediawiki" action="mergeitem" | stats count by user | where count > threshold
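The log indicators above (many 'mergeitem' actions from one user in a short timeframe) can be checked outside a SIEM as well. The following is an added example, not part of this advisory or of MediaWiki/Wikibase: it runs a sliding-window count over constructed log lines in an assumed "timestamp user action item" format and flags users whose merge rate exceeds a threshold. Adapt the parser to your real log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real MediaWiki output): "<ISO timestamp> <user> <action> <item>".
# The action label 'mergeitem' matches the SIEM query above; adjust parse_merges() for your logs.
SAMPLE_LOG = """\
2023-10-01T12:00:01Z alice mergeitem Q100
2023-10-01T12:00:02Z alice mergeitem Q102
2023-10-01T12:00:03Z alice mergeitem Q104
2023-10-01T12:00:04Z alice mergeitem Q106
2023-10-01T12:00:05Z alice mergeitem Q108
2023-10-01T12:00:06Z alice mergeitem Q110
2023-10-01T12:00:30Z bob edit Q7
2023-10-01T12:05:00Z bob mergeitem Q200
2023-10-01T13:00:00Z bob mergeitem Q202
2023-10-01T14:00:00Z carol mergeitem Q300
"""

def parse_merges(log_text):
    """Yield (timestamp, user) for each merge action; skip other actions and malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "mergeitem":
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, parts[1]

def peak_merge_rate(log_text, window_seconds=60):
    """Return {user: highest number of merges seen inside any window_seconds-long span}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # user -> timestamps still inside the current window
    peak = defaultdict(int)
    for ts, user in sorted(parse_merges(log_text)):   # chronological order keeps the window valid
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:   # evict events that have fallen out of the window
            q.popleft()
        peak[user] = max(peak[user], len(q))
    return dict(peak)

def flag_bursty_users(log_text, max_merges=5, window_seconds=60):
    """Users whose merge count within any window exceeds max_merges: the pattern to alert on."""
    rates = peak_merge_rate(log_text, window_seconds)
    return sorted(u for u, n in rates.items() if n > max_merges)

if __name__ == "__main__":
    print(peak_merge_rate(SAMPLE_LOG))   # alice bursts 6 merges in 5 seconds
    print(flag_bursty_users(SAMPLE_LOG))
```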

🔗 References