Lucene search

GitHub_MCVELIST:CVE-2022-24813

HistoryApr 04, 2022 - 5:40 p.m.

CVE-2022-24813 Authentication Bypass Using an Alternate Path or Channel in CreateWiki

2022-04-0417:40:11

CWE-287

CWE-288

GitHub_M

www.cve.org

authentication bypass

createwiki

miraheze

mediawiki

requestwikiqueue

github repository

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

30.8%

JSON

CreateWiki is Miraheze’s MediaWiki extension for requesting & creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the master branch of CreateWiki’s GitHub repository.

CNA Affected

[
  {
    "product": "CreateWiki",
    "vendor": "miraheze",
    "versions": [
      {
        "status": "affected",
        "version": "< d0ae79843d689832ccac765d6b1721e668d99ab9"
      }
    ]
  }
]

References

github.com/miraheze/CreateWiki/commit/d0ae79843d689832ccac765d6b1721e668d99ab9

github.com/miraheze/CreateWiki/security/advisories/GHSA-9xvw-w66v-prvg

phabricator.miraheze.org/T9018

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

30.8%

JSON

Related for CVELIST:CVE-2022-24813