CVE-2023-3550

Publication date 25 September 2023

Last updated 4 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

7.3 · High

Score breakdown

Description

Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.

Status

Package Ubuntu Release Status
mediawiki 26.04 LTS resolute
Needs evaluation
25.10 questing
Needs evaluation
25.04 plucky Ignored end of life, was needs-triage
24.10 oracular Ignored end of life, was needs-triage
24.04 LTS noble
Needs evaluation
23.10 mantic Ignored end of life, was needs-triage
23.04 lunar Ignored end of life, was needs-triage
22.04 LTS jammy
Needs evaluation
20.04 LTS focal Ignored end of standard support, was needs-triage
18.04 LTS bionic Ignored end of standard support
16.04 LTS xenial Ignored end of standard support
14.04 LTS trusty Ignored end of standard support

Severity score breakdown

CVSS version: CVSS v3.0

Base score 7.3 · High

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

References

Other references

Access our resources on patching vulnerabilities