CVE-2024-29883

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-29883
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it.

4.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch
https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9
https://issue-tracker.miraheze.org/T11993
https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch
https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9
https://issue-tracker.miraheze.org/T11993
Configurations

No configuration.

History

21 Nov 2024, 09:08

Type Values Removed Values Added
Summary
  • (es) CreateWiki es la extensión MediaWiki de Miraheze para solicitar y crear wikis. La supresión de solicitudes de wiki no funciona según lo previsto y siempre restringe la visibilidad a aquellos con el derecho de usuario `(createwiki)`, independientemente de la configuración que se establezca en una solicitud de wiki determinada. Esto puede exponer la información a usuarios que se supone que no pueden acceder a ella.
References () https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch - () https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch -
References () https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9 - () https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9 -
References () https://issue-tracker.miraheze.org/T11993 - () https://issue-tracker.miraheze.org/T11993 -

26 Mar 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-26 14:15

Updated : 2024-11-21 09:08

NVD link : CVE-2024-29883

Mitre link : CVE-2024-29883

CVE.ORG link : CVE-2024-29883

JSON object : View

Products Affected

No product.

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024