CVE-2024-29897

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-29897
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937.

4.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq
https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8
https://issue-tracker.miraheze.org/F3093343
https://issue-tracker.miraheze.org/T11999
https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq
https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8
https://issue-tracker.miraheze.org/F3093343
https://issue-tracker.miraheze.org/T11999
Configurations

No configuration.

History

21 Nov 2024, 09:08

Type Values Removed Values Added
References () https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq - () https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq -
References () https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8 - () https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8 -
References () https://issue-tracker.miraheze.org/F3093343 - () https://issue-tracker.miraheze.org/F3093343 -
References () https://issue-tracker.miraheze.org/T11999 - () https://issue-tracker.miraheze.org/T11999 -
Summary
  • (es) CreateWiki es la extensión MediaWiki de Miraheze para solicitar y crear wikis. Es posible que los usuarios con (delete) o (suppressrevision) en cualquier wiki de la granja accedan a solicitudes de wiki suprimidas yendo a la entrada de la solicitud en Special:RequestWikiQueue en el wiki donde tienen estos derechos. La misma vulnerabilidad estuvo presente brevemente en la API REST antes de ser corregida rápidamente en el commit `6bc0685`. Hasta donde sabemos, las confirmaciones vulnerables de la API REST no se están ejecutando en producción en ningún lugar. Esta vulnerabilidad se soluciona en 23415c17ffb4832667c06abcf1eadaefd4c8937.

28 Mar 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-28 14:15

Updated : 2024-11-21 09:08

NVD link : CVE-2024-29897

Mitre link : CVE-2024-29897

CVE.ORG link : CVE-2024-29897

JSON object : View

Products Affected

No product.

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024