50 matches found
CVE-2024-34701
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...
CreateWiki 安全漏洞
CreateWiki is a MediaWiki extension for Miraheze for requesting and creating wikis. A security vulnerability exists in CreateWiki that stems from an issue with fake wiki requestors...
CVE-2024-34701
Summary: CVE-2024-34701 affects Miraheze’s CreateWiki MediaWiki extension. An attacker could be considered the requester for a wiki request if their local user ID on any wiki in the farm matches the requester’s local ID on the target wiki, enabling actions the requester is allowed to perform via ...
CVE-2024-29897
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with delete or suppressrevision on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. T...
CVE-2024-29898
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the read permission...
CVE-2024-29898 Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the read permission...
CVE-2024-29898 Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the read permission...
CVE-2024-29898
The CVE-2024-29898 entry concerns Miraheze’s CreateWiki (MediaWiki extension). Affected behavior: during patching for CVE-2024-29897, an oversight could cause suppressed wiki requests listed on Special:RequestWikiQueue to be accessible to users on private wikis who had the (read) permission not r...
CVE-2024-29897 CreateWiki Leak of suppressed wiki requests outside of `CreateWikiGlobalWiki`
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with delete or suppressrevision on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. T...
CreateWiki 安全漏洞
CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. A security vulnerability exists in CreateWiki that could expose suppressed wiki requests to private wikis...
PT-2024-23118 · Mediawiki · Createwiki
Name of the Vulnerable Software and Affected Versions: CreateWiki versions prior to 23415c17ffb4832667c06abcf1eadadefd4c8937 Description: The issue affects CreateWiki, a MediaWiki extension used for requesting and creating wikis on Miraheze. Users with specific rights, such as delete or...
CreateWiki 安全漏洞
CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. A security vulnerability exists in CreateWiki. An attacker can exploit this vulnerability to access suppressed wiki requests...
CVE-2024-29883
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the createwiki user right regardless of the settings one sets on a given wiki request. This may expose information to...
CVE-2024-29883
The CVE concerns Miraheze’s CreateWiki extension for MediaWiki. The issue: suppression of wiki requests does not respect configured visibility settings, causing leakage of information to users lacking the appropriate createWiki right. This is described as the underlying behavior that restricted v...
CVE-2024-29883 CreateWiki's wiki request suppression ignores the suppression settings set by the suppressor
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the createwiki user right regardless of the settings one sets on a given wiki request. This may expose information to...
CVE-2024-29883 CreateWiki's wiki request suppression ignores the suppression settings set by the suppressor
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the createwiki user right regardless of the settings one sets on a given wiki request. This may expose information to...
CVE-2024-29883 CreateWiki's wiki request suppression ignores the suppression settings set by the suppressor
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the createwiki user right regardless of the settings one sets on a given wiki request. This may expose information to...
PT-2024-23107
Name of the Vulnerable Software and Affected Versions CreateWiki affected versions not specified Description The issue affects CreateWiki, Miraheze's MediaWiki extension for requesting and creating wikis. Suppression of wiki requests does not work as intended, always restricting visibility to tho...
CreateWiki 安全漏洞
CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. A security vulnerability exists in CreateWiki that originates from exposing information to users who should not have access to that information...
CVE-2024-25107 Cross-Site Scripting in WikiDiscover
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the Language::date function is used when making the human-readable timestamp for inclusion on the wikicreation column. This function uses interface messages to translate the nam...