Lucene search

GitHub_MCVE-2024-29883

HistoryMar 26, 2024 - 2:15 p.m.

CVE-2024-29883

2024-03-2614:15:09

CWE-200

GitHub_M

web.nvd.nist.gov

miraheze

createwiki

mediawiki

extension

visibility restriction

vulnerability

information exposure

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

Percentile

15.5%

JSON

CreateWiki is Miraheze’s MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the (createwiki) user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it.

Affected configurations

Vulners

Node

mirahezecreatewikiRange<0c7c4f93834349be8f5c2a678e9a85b4b1aa7bab

VendorProductVersionCPE
mirahezecreatewiki*cpe:2.3:a:miraheze:createwiki:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
miraheze	createwiki	*	cpe:2.3:a:miraheze:createwiki::::::::

CNA Affected

[
  {
    "vendor": "miraheze",
    "product": "CreateWiki",
    "versions": [
      {
        "version": "< 0c7c4f93834349be8f5c2a678e9a85b4b1aa7bab",
        "status": "affected"
      }
    ]
  }
]

References

gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch

github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9

issue-tracker.miraheze.org/T11993

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

Percentile

15.5%

JSON

Related for CVE-2024-29883