Lucene search
K

50 matches found

NVD
NVD
added 2024/05/14 3:39 p.m.13 views

CVE-2024-34701

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...

5.9CVSS5.6AI score0.00647EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.3 views

CreateWiki 安全漏洞

CreateWiki is a MediaWiki extension for Miraheze for requesting and creating wikis. A security vulnerability exists in CreateWiki that stems from an issue with fake wiki requestors...

5.9CVSS6.7AI score0.00647EPSS
Exploits0References8
CVE
CVE
added 2024/05/13 3:54 p.m.68 views

CVE-2024-34701

Summary: CVE-2024-34701 affects Miraheze’s CreateWiki MediaWiki extension. An attacker could be considered the requester for a wiki request if their local user ID on any wiki in the farm matches the requester’s local ID on the target wiki, enabling actions the requester is allowed to perform via ...

5.9CVSS6.5AI score0.00647EPSS
Exploits0References6
NVD
NVD
added 2024/03/28 2:15 p.m.15 views

CVE-2024-29897

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with delete or suppressrevision on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. T...

4.9CVSS4.9AI score0.00708EPSS
Exploits0References4
NVD
NVD
added 2024/03/28 2:15 p.m.22 views

CVE-2024-29898

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the read permission...

6.5CVSS4.9AI score0.00708EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/03/28 1:43 p.m.21 views

CVE-2024-29898 Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the read permission...

4.9CVSS5.2AI score0.00691EPSS
Exploits0References3
OSV
OSV
added 2024/03/28 1:43 p.m.31 views

CVE-2024-29898 Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the read permission...

4.9CVSS6.5AI score0.00691EPSS
Exploits0References5
CVE
CVE
added 2024/03/28 1:43 p.m.75 views

CVE-2024-29898

The CVE-2024-29898 entry concerns Miraheze’s CreateWiki (MediaWiki extension). Affected behavior: during patching for CVE-2024-29897, an oversight could cause suppressed wiki requests listed on Special:RequestWikiQueue to be accessible to users on private wikis who had the (read) permission not r...

6.5CVSS4.8AI score0.00708EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/28 1:40 p.m.13 views

CVE-2024-29897 CreateWiki Leak of suppressed wiki requests outside of `CreateWikiGlobalWiki`

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with delete or suppressrevision on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. T...

4.9CVSS7AI score0.00708EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/03/28 12:0 a.m.5 views

CreateWiki 安全漏洞

CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. A security vulnerability exists in CreateWiki that could expose suppressed wiki requests to private wikis...

6.5CVSS6.7AI score0.00691EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/28 12:0 a.m.5 views

PT-2024-23118 · Mediawiki · Createwiki

Name of the Vulnerable Software and Affected Versions: CreateWiki versions prior to 23415c17ffb4832667c06abcf1eadadefd4c8937 Description: The issue affects CreateWiki, a MediaWiki extension used for requesting and creating wikis on Miraheze. Users with specific rights, such as delete or...

4.9CVSS7.2AI score0.00708EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/03/28 12:0 a.m.5 views

CreateWiki 安全漏洞

CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. A security vulnerability exists in CreateWiki. An attacker can exploit this vulnerability to access suppressed wiki requests...

4.9CVSS6.5AI score0.00708EPSS
Exploits0References5
NVD
NVD
added 2024/03/26 2:15 p.m.14 views

CVE-2024-29883

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the createwiki user right regardless of the settings one sets on a given wiki request. This may expose information to...

4.9CVSS4.9AI score0.00603EPSS
Exploits1References3
CVE
CVE
added 2024/03/26 1:37 p.m.64 views

CVE-2024-29883

The CVE concerns Miraheze’s CreateWiki extension for MediaWiki. The issue: suppression of wiki requests does not respect configured visibility settings, causing leakage of information to users lacking the appropriate createWiki right. This is described as the underlying behavior that restricted v...

4.9CVSS4.9AI score0.00603EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/26 1:37 p.m.16 views

CVE-2024-29883 CreateWiki's wiki request suppression ignores the suppression settings set by the suppressor

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the createwiki user right regardless of the settings one sets on a given wiki request. This may expose information to...

4.9CVSS6.6AI score0.00603EPSS
Exploits1References3
OSV
OSV
added 2024/03/26 1:37 p.m.6 views

CVE-2024-29883 CreateWiki's wiki request suppression ignores the suppression settings set by the suppressor

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the createwiki user right regardless of the settings one sets on a given wiki request. This may expose information to...

4.9CVSS6.6AI score0.00603EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/03/26 1:37 p.m.21 views

CVE-2024-29883 CreateWiki's wiki request suppression ignores the suppression settings set by the suppressor

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the createwiki user right regardless of the settings one sets on a given wiki request. This may expose information to...

4.9CVSS5.3AI score0.00603EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.5 views

PT-2024-23107

Name of the Vulnerable Software and Affected Versions CreateWiki affected versions not specified Description The issue affects CreateWiki, Miraheze's MediaWiki extension for requesting and creating wikis. Suppression of wiki requests does not work as intended, always restricting visibility to tho...

4.9CVSS6.4AI score0.00603EPSS
Exploits1References8
CNNVD
CNNVD
added 2024/03/26 12:0 a.m.9 views

CreateWiki 安全漏洞

CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. A security vulnerability exists in CreateWiki that originates from exposing information to users who should not have access to that information...

4.9CVSS6.5AI score0.00603EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/02/08 10:46 p.m.51 views

CVE-2024-25107 Cross-Site Scripting in WikiDiscover

WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the Language::date function is used when making the human-readable timestamp for inclusion on the wikicreation column. This function uses interface messages to translate the nam...

4.9CVSS6.1AI score0.00402EPSS
Exploits0References3
Rows per page
Query Builder