Vulnerability Description
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Miraheze | Createwiki | < 2024-03-26 |
Related Weaknesses (CWE)
References
- https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b (Patch)
- https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9 (Patch, Vendor Advisory)
- https://issue-tracker.miraheze.org/T11993 (Exploit, Issue Tracking)
FAQ
What is CVE-2024-29883?
CVE-2024-29883 is a vulnerability with a CVSS score of 4.9 (MEDIUM). CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` u...
How severe is CVE-2024-29883?
CVE-2024-29883 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-29883?
Check the references section above for vendor advisories and patch information. Affected products include: Miraheze Createwiki.