Vulnerability Description
ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. If you are unable to patch set `$wgAPIListModules['wikiconfig'] = 'ApiQueryDisabled';` or remove private config as a workaround.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Miraheze | Managewiki | < 2021-04-28 |
Related Weaknesses (CWE)
References
- https://github.com/miraheze/ManageWiki/commit/befb83c66f5b643e174897ea41a8a46679PatchThird Party Advisory
- https://github.com/miraheze/ManageWiki/security/advisories/GHSA-jmc9-rv2f-g8vvMitigationPatchThird Party Advisory
- https://phabricator.miraheze.org/T7213Issue TrackingThird Party Advisory
- https://github.com/miraheze/ManageWiki/commit/befb83c66f5b643e174897ea41a8a46679PatchThird Party Advisory
- https://github.com/miraheze/ManageWiki/security/advisories/GHSA-jmc9-rv2f-g8vvMitigationPatchThird Party Advisory
- https://phabricator.miraheze.org/T7213Issue TrackingThird Party Advisory
FAQ
What is CVE-2021-29483?
CVE-2021-29483 is a vulnerability with a CVSS score of 9.4 (CRITICAL). ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by...
How severe is CVE-2021-29483?
CVE-2021-29483 has been rated CRITICAL with a CVSS base score of 9.4/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-29483?
Check the references section above for vendor advisories and patch information. Affected products include: Miraheze Managewiki.