CVE-2024-29897

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-29897

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-29897.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-29897

Related

GHSA-4rcf-3cj2-46mq

Published

2024-03-28T14:15:14Z

Modified

2025-01-08T02:47:21Z

Summary

[none]

Details

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit 6bc0685. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937.

References

Affected packages

Git / github.com/miraheze/mw-config

Affected ranges

Type: GIT
Repo: https://github.com/miraheze/mw-config
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fb3e68bcef459e9cf2a415241b28042a6c9727e8

Fixed

fb3e68bcef459e9cf2a415241b28042a6c9727e8