4.9

CVE-2024-29897

EPSS 0.06%
Veröffentlicht 28.03.2024 14:15:14
Zuletzt bearbeitet 21.11.2024 09:08:34
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellermiraheze

≫

Produkt CreateWiki

Version < 23415c17ffb4832667c06abcf1eadadefd4c8937

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.189

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq

https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8

https://issue-tracker.miraheze.org/F3093343

https://issue-tracker.miraheze.org/T11999

https://nvd.nist.gov/vuln/detail/CVE-2024-29897

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-29897

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-29897

EUVD