Security Advisory

CVE-2023-29137

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-03-31 00:00:00

Last updated 2025-02-14 19:27:24

Assigner mitre

State PUBLISHED

Description

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.

← Browse all CVEs View on cve.org ↗