CVE-2024-29883

Published: Mar 26, 2024Modified: Jan 2, 2026

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: security-advisories@github.com (Secondary)

Description

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it.

Affected (1)

Products: Miraheze: Createwiki

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Miraheze Createwiki	Before 2024-03-26

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch

Source: security-advisories@github.com

Patch

https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9

Source: security-advisories@github.com

PatchVendor Advisory

https://issue-tracker.miraheze.org/T11993

Source: security-advisories@github.com

ExploitIssue Tracking

https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://issue-tracker.miraheze.org/T11993

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

Timeline

No history available yet.