CVE-2024-47913

Published: Oct 4, 2024Modified: Jun 17, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.

Affected (3)

Products: Mediawiki: Mediawiki

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mediawiki Mediawiki	Before 1.39.9
Mediawiki Mediawiki	From 1.40.0 to 1.41.3
Mediawiki Mediawiki	From 1.42.0 to 1.42.2

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1076855

Source: cve@mitre.org

PatchVendor Advisory

https://phabricator.wikimedia.org/T372998

Source: cve@mitre.org

ExploitIssue TrackingVendor Advisory

Timeline

No history available yet.