Vulnerability Details CVE-2024-29883
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.8%
CVSS Severity
CVSS v3 Score 4.9
References
- https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch
- https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9
- https://issue-tracker.miraheze.org/T11993
- https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch
- https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9
- https://issue-tracker.miraheze.org/T11993
Products affected by CVE-2024-29883
-
cpe:2.3:a:miraheze:createwiki:-
-
cpe:2.3:a:miraheze:createwiki:2018-11-07
-
cpe:2.3:a:miraheze:createwiki:2022-04-02