Lucene search

[email protected]NVD:CVE-2024-29898

HistoryMar 28, 2024 - 2:15 p.m.

CVE-2024-29898

2024-03-2814:15:14

CWE-200

[email protected]

web.nvd.nist.gov

createwiki

miraheze's mediawiki

extension vulnerability

patch oversight

version 8f8442ed5299510ea3e58416004b9334134c149c

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

Percentile

15.5%

JSON

CreateWiki is Miraheze’s MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the (read) permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c.

References

github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c

github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq

github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for NVD:CVE-2024-29898

vulnrichment2 osv2 cvelist2 cve2 nvd1