Vulnerability CVE-2023-29137
Published: 2023-03-31

Description:
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.

 References:
https://phabricator.wikimedia.org/T328643
Copyright 2026, cxsecurity.com

 

Back to Top