CVE-2024-29898

Published: Mar 28, 2024Modified: Jan 8, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c.

Affected (1)

Products: Miraheze: Createwiki

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Miraheze Createwiki	Before 2024-03-27

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c

Source: security-advisories@github.com

Patch

https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq

Source: security-advisories@github.com

Not Applicable

https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v

Source: security-advisories@github.com

PatchVendor Advisory

https://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.