Search criteria
21 vulnerabilities by miraheze
CVE-2025-53371 (GCVE-0-2025-53371)
Vulnerability from cvelistv5 – Published: 2025-07-10 17:26 – Updated: 2025-07-10 17:47
VLAI?
Title
DiscordNotifications allows DOS, SSRF, and possible RCE through requests to user-controlled URLs
Summary
DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. This allows for DOS by causing the server to read large files. SSRF is also possible if there are internal unprotected APIs that can be accessed using HTTP POST requests, which could also possibly lead to RCE. This vulnerability is fixed in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e.
Severity ?
9.1 (Critical)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | DiscordNotifications |
Affected:
< 1f20d850cbcce5b15951c7c6127b87b927a5415e
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T17:47:50.722427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T17:47:56.055Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DiscordNotifications",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "\u003c 1f20d850cbcce5b15951c7c6127b87b927a5415e"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. This allows for DOS by causing the server to read large files. SSRF is also possible if there are internal unprotected APIs that can be accessed using HTTP POST requests, which could also possibly lead to RCE. This vulnerability is fixed in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T17:26:02.512Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/miraheze/DiscordNotifications/security/advisories/GHSA-gvfx-p3h5-qf65",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/DiscordNotifications/security/advisories/GHSA-gvfx-p3h5-qf65"
},
{
"name": "https://github.com/miraheze/DiscordNotifications/commit/1f20d850cbcce5b15951c7c6127b87b927a5415e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/DiscordNotifications/commit/1f20d850cbcce5b15951c7c6127b87b927a5415e"
}
],
"source": {
"advisory": "GHSA-gvfx-p3h5-qf65",
"discovery": "UNKNOWN"
},
"title": "DiscordNotifications allows DOS, SSRF, and possible RCE through requests to user-controlled URLs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53371",
"datePublished": "2025-07-10T17:26:02.512Z",
"dateReserved": "2025-06-27T12:57:16.121Z",
"dateUpdated": "2025-07-10T17:47:56.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43861 (GCVE-0-2025-43861)
Vulnerability from cvelistv5 – Published: 2025-04-24 20:49 – Updated: 2025-04-25 19:32
VLAI?
Title
ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection
Summary
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes" dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc.
Severity ?
4.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | ManageWiki |
Affected:
< 2f177dc
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T19:31:56.539838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T19:32:14.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ManageWiki",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "\u003c 2f177dc"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the \"Review Changes\" dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T20:49:57.692Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-859x-46h8-vcrv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-859x-46h8-vcrv"
},
{
"name": "https://github.com/miraheze/ManageWiki/commit/2f177dc83b28b727613215b835d4036cb179e4ab",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/ManageWiki/commit/2f177dc83b28b727613215b835d4036cb179e4ab"
}
],
"source": {
"advisory": "GHSA-859x-46h8-vcrv",
"discovery": "UNKNOWN"
},
"title": "ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-43861",
"datePublished": "2025-04-24T20:49:57.692Z",
"dateReserved": "2025-04-17T20:07:08.556Z",
"dateUpdated": "2025-04-25T19:32:14.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32964 (GCVE-0-2025-32964)
Vulnerability from cvelistv5 – Published: 2025-04-22 17:15 – Updated: 2025-04-22 17:35
VLAI?
Title
ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions
Summary
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions.
Severity ?
4.6 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | ManageWiki |
Affected:
< 00bebea
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T17:35:26.566312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:35:37.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ManageWiki",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "\u003c 00bebea"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:15:03.200Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-ccrf-x5rp-gppr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-ccrf-x5rp-gppr"
},
{
"name": "https://github.com/miraheze/ManageWiki/commit/00bebea43a3e3ff0157b5f04df17c1d1e88a9acd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/ManageWiki/commit/00bebea43a3e3ff0157b5f04df17c1d1e88a9acd"
}
],
"source": {
"advisory": "GHSA-ccrf-x5rp-gppr",
"discovery": "UNKNOWN"
},
"title": "ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32964",
"datePublished": "2025-04-22T17:15:03.200Z",
"dateReserved": "2025-04-14T21:47:11.453Z",
"dateUpdated": "2025-04-22T17:35:37.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32956 (GCVE-0-2025-32956)
Vulnerability from cvelistv5 – Published: 2025-04-21 20:45 – Updated: 2025-05-12 15:40
VLAI?
Title
ManageWiki has SQL injection vulnerability in NamespaceMigrationJob
Summary
ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix (namespace name, which is the current namespace you are renaming) with an injection payload. This issue has been patched in commit f504ed8. A workaround for this vulnerability involves setting `$wgManageWiki['namespaces'] = false;`.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | ManageWiki |
Affected:
< f504ed8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T13:37:16.343745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T13:37:53.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-12T15:40:28.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-32956-detect-mediawiki-vulnerability"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-32956-mitigate-mediawiki-vulnerability"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "ManageWiki",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "\u003c f504ed8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix (namespace name, which is the current namespace you are renaming) with an injection payload. This issue has been patched in commit f504ed8. A workaround for this vulnerability involves setting `$wgManageWiki[\u0027namespaces\u0027] = false;`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T20:45:49.523Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-gg42-cv66-f5x7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-gg42-cv66-f5x7"
},
{
"name": "https://github.com/miraheze/ManageWiki/commit/f504ed8eeb59b57ebb90f93cd44f23da4c5bc4c9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/ManageWiki/commit/f504ed8eeb59b57ebb90f93cd44f23da4c5bc4c9"
}
],
"source": {
"advisory": "GHSA-gg42-cv66-f5x7",
"discovery": "UNKNOWN"
},
"title": "ManageWiki has SQL injection vulnerability in NamespaceMigrationJob"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32956",
"datePublished": "2025-04-21T20:45:49.523Z",
"dateReserved": "2025-04-14T21:47:11.452Z",
"dateUpdated": "2025-05-12T15:40:28.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47815 (GCVE-0-2024-47815)
Vulnerability from cvelistv5 – Published: 2024-10-09 18:21 – Updated: 2024-10-09 19:48
VLAI?
Title
Cross-site Scripting in IncidentReporting
Summary
IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. Some are available to anyone who has the `editincidents` right, some are available to those who can edit interface messages (typically administrators and interface admins), and one is available to those who can edit LocalSettings.php. These issues have been addressed in commit `43896a4` and all users are advised to upgrade. Users unable to upgrade should prevent access to the Special:IncidentReports page.
Severity ?
6 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | IncidentReporting |
Affected:
commits prior to 43896a4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:47:48.120176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:48:04.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IncidentReporting",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "commits prior to 43896a4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. Some are available to anyone who has the `editincidents` right, some are available to those who can edit interface messages (typically administrators and interface admins), and one is available to those who can edit LocalSettings.php. These issues have been addressed in commit `43896a4` and all users are advised to upgrade. Users unable to upgrade should prevent access to the Special:IncidentReports page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T18:21:58.981Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/miraheze/IncidentReporting/security/advisories/GHSA-9p36-hrmr-98r9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/IncidentReporting/security/advisories/GHSA-9p36-hrmr-98r9"
},
{
"name": "https://github.com/miraheze/IncidentReporting/commit/43896a47de4e05ac94ec0472c220da944da16c5c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/IncidentReporting/commit/43896a47de4e05ac94ec0472c220da944da16c5c"
},
{
"name": "https://issue-tracker.miraheze.org/T12702",
"tags": [
"x_refsource_MISC"
],
"url": "https://issue-tracker.miraheze.org/T12702"
}
],
"source": {
"advisory": "GHSA-9p36-hrmr-98r9",
"discovery": "UNKNOWN"
},
"title": "Cross-site Scripting in IncidentReporting"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47815",
"datePublished": "2024-10-09T18:21:58.981Z",
"dateReserved": "2024-10-03T14:06:12.638Z",
"dateUpdated": "2024-10-09T19:48:04.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47816 (GCVE-0-2024-47816)
Vulnerability from cvelistv5 – Published: 2024-10-09 18:19 – Updated: 2024-10-09 19:44
VLAI?
Title
Users can impersonate import requesters if their actor IDs coincide in ImportDump
Summary
ImportDump is a mediawiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can act as if they're the original wiki requester. This can be abused to create new comments, edit the request, and view the request if it's marked private. This issue has been addressed in commit `5c91dfc` and all users are advised to update. Users unable to update may disable the special page outside of their global wiki. See `miraheze/mw-config@e566499` for details on that.
Severity ?
6.4 (Medium)
CWE
- CWE-282 - Improper Ownership Management
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | ImportDump |
Affected:
commits prior to 5c91dfc
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:44:13.313675Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:44:51.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ImportDump",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "commits prior to 5c91dfc"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ImportDump is a mediawiki extension designed to automate user import requests. A user\u0027s local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can act as if they\u0027re the original wiki requester. This can be abused to create new comments, edit the request, and view the request if it\u0027s marked private. This issue has been addressed in commit `5c91dfc` and all users are advised to update. Users unable to update may disable the special page outside of their global wiki. See `miraheze/mw-config@e566499` for details on that."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-282",
"description": "CWE-282: Improper Ownership Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T18:19:17.108Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/miraheze/ImportDump/security/advisories/GHSA-jjmq-mg36-6387",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/ImportDump/security/advisories/GHSA-jjmq-mg36-6387"
},
{
"name": "https://github.com/miraheze/ImportDump/commit/5c91dfce78320e717516ee65ef5a05f01979ee6c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/ImportDump/commit/5c91dfce78320e717516ee65ef5a05f01979ee6c"
},
{
"name": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc"
},
{
"name": "https://issue-tracker.miraheze.org/T12701",
"tags": [
"x_refsource_MISC"
],
"url": "https://issue-tracker.miraheze.org/T12701"
}
],
"source": {
"advisory": "GHSA-jjmq-mg36-6387",
"discovery": "UNKNOWN"
},
"title": "Users can impersonate import requesters if their actor IDs coincide in ImportDump"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47816",
"datePublished": "2024-10-09T18:19:17.108Z",
"dateReserved": "2024-10-03T14:06:12.638Z",
"dateUpdated": "2024-10-09T19:44:51.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47812 (GCVE-0-2024-47812)
Vulnerability from cvelistv5 – Published: 2024-10-09 18:12 – Updated: 2024-10-09 19:42
VLAI?
Title
Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump
Summary
ImportDump is an extension for mediawiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This issue has been patched in commit `d054b95` and all users are advised to apply this commit to their branch. Users unable to upgrade may either Prevent access to Special:RequestImportQueue on all wikis, except for the global wiki; and If an interface administrator (or equivalent) level protection is available (which is not provided by default) on the global wiki, protect the affected messages up to that level. This causes the XSS to be virtually useless as users with those rights can already edit Javascript pages. Or Prevent access to Special:RequestImportQueue altogether.
Severity ?
6 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | ImportDump |
Affected:
commits priot to d054b95
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:42:40.909287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:42:51.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ImportDump",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "commits priot to d054b95"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ImportDump is an extension for mediawiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This issue has been patched in commit `d054b95` and all users are advised to apply this commit to their branch. Users unable to upgrade may either Prevent access to Special:RequestImportQueue on all wikis, except for the global wiki; and If an interface administrator (or equivalent) level protection is available (which is not provided by default) on the global wiki, protect the affected messages up to that level. This causes the XSS to be virtually useless as users with those rights can already edit Javascript pages. Or Prevent access to Special:RequestImportQueue altogether."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T18:12:31.929Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/miraheze/ImportDump/security/advisories/GHSA-465h-45v4-6fx9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/ImportDump/security/advisories/GHSA-465h-45v4-6fx9"
},
{
"name": "https://github.com/miraheze/ImportDump/commit/d054b9529129af79d4426df24faa80014cb16602",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/ImportDump/commit/d054b9529129af79d4426df24faa80014cb16602"
},
{
"name": "https://issue-tracker.miraheze.org/T12698",
"tags": [
"x_refsource_MISC"
],
"url": "https://issue-tracker.miraheze.org/T12698"
}
],
"source": {
"advisory": "GHSA-465h-45v4-6fx9",
"discovery": "UNKNOWN"
},
"title": "Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47812",
"datePublished": "2024-10-09T18:12:31.929Z",
"dateReserved": "2024-10-03T14:06:12.636Z",
"dateUpdated": "2024-10-09T19:42:51.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47781 (GCVE-0-2024-47781)
Vulnerability from cvelistv5 – Published: 2024-10-07 21:30 – Updated: 2024-10-08 14:13
VLAI?
Title
Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki
Summary
CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS payload, their user session can be abused to retrieve deleted wiki requests, which typically contains private information. Likewise, this can also be abused on those with the ability to suppress requests to view sensitive information. This issue has been patched with commit `693a220` and all users are advised to apply the patch. Users unable to upgrade should disable Javascript and/or prevent access to the vulnerable page (Special:RequestWikiQueue).
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | CreateWiki |
Affected:
commits before 693a220f399ee7eb4d00e77c3c667e864b1bd306
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:13:12.961123Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:13:28.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CreateWiki",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "commits before 693a220f399ee7eb4d00e77c3c667e864b1bd306"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CreateWiki is an extension used at Miraheze for requesting \u0026 creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS payload, their user session can be abused to retrieve deleted wiki requests, which typically contains private information. Likewise, this can also be abused on those with the ability to suppress requests to view sensitive information. This issue has been patched with commit `693a220` and all users are advised to apply the patch. Users unable to upgrade should disable Javascript and/or prevent access to the vulnerable page (Special:RequestWikiQueue)."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T21:30:23.058Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-h527-jh77-5g7j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-h527-jh77-5g7j"
},
{
"name": "https://github.com/miraheze/CreateWiki/commit/693a220f399ee7eb4d00e77c3c667e864b1bd306",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/CreateWiki/commit/693a220f399ee7eb4d00e77c3c667e864b1bd306"
},
{
"name": "https://issue-tracker.miraheze.org/T12693",
"tags": [
"x_refsource_MISC"
],
"url": "https://issue-tracker.miraheze.org/T12693"
}
],
"source": {
"advisory": "GHSA-h527-jh77-5g7j",
"discovery": "UNKNOWN"
},
"title": "Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47781",
"datePublished": "2024-10-07T21:30:23.058Z",
"dateReserved": "2024-09-30T21:28:53.236Z",
"dateUpdated": "2024-10-08T14:13:28.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47782 (GCVE-0-2024-47782)
Vulnerability from cvelistv5 – Published: 2024-10-07 21:28 – Updated: 2024-10-08 14:11
VLAI?
Title
Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover
Summary
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its name and/or description to an XSS payload, the XSS will execute whenever the wiki is shown on Special:WikiDiscover. This issue has been patched with commit `2ce846dd93` and all users are advised to apply that patch. User unable to upgrade should block access to `Special:WikiDiscover`.
Severity ?
7.6 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | WikiDiscover |
Affected:
commits before 2ce846dd93ddb9ec86f7472c4d57fe71a09dc827
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47782",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:11:34.331700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:11:43.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WikiDiscover",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "commits before 2ce846dd93ddb9ec86f7472c4d57fe71a09dc827"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its name and/or description to an XSS payload, the XSS will execute whenever the wiki is shown on Special:WikiDiscover. This issue has been patched with commit `2ce846dd93` and all users are advised to apply that patch. User unable to upgrade should block access to `Special:WikiDiscover`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T21:28:01.299Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/miraheze/WikiDiscover/security/advisories/GHSA-wf48-rqx3-39mf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/WikiDiscover/security/advisories/GHSA-wf48-rqx3-39mf"
},
{
"name": "https://github.com/miraheze/WikiDiscover/commit/2ce846dd93ddb9ec86f7472c4d57fe71a09dc827",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/WikiDiscover/commit/2ce846dd93ddb9ec86f7472c4d57fe71a09dc827"
},
{
"name": "https://issue-tracker.miraheze.org/T12697",
"tags": [
"x_refsource_MISC"
],
"url": "https://issue-tracker.miraheze.org/T12697"
}
],
"source": {
"advisory": "GHSA-wf48-rqx3-39mf",
"discovery": "UNKNOWN"
},
"title": "Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47782",
"datePublished": "2024-10-07T21:28:01.299Z",
"dateReserved": "2024-09-30T21:28:53.236Z",
"dateUpdated": "2024-10-08T14:11:43.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47612 (GCVE-0-2024-47612)
Vulnerability from cvelistv5 – Published: 2024-10-02 14:22 – Updated: 2024-10-02 15:12
VLAI?
Title
XSS in Special:DataDump when displaying dump status
Summary
DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are edited (which requires the (editinterface) right by default), anyone who can view Special:DataDump (which requires the (view-dump) right by default) can be XSSed. This vulnerability is fixed with 601688ee8e8808a23b102fa305b178f27cbd226d.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:59:00.607636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:12:04.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DataDump",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "\u003c 601688ee8e8808a23b102fa305b178f27cbd226d"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are edited (which requires the (editinterface) right by default), anyone who can view Special:DataDump (which requires the (view-dump) right by default) can be XSSed. This vulnerability is fixed with 601688ee8e8808a23b102fa305b178f27cbd226d."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T14:22:52.059Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/miraheze/DataDump/security/advisories/GHSA-h8x8-24c7-r2rj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/DataDump/security/advisories/GHSA-h8x8-24c7-r2rj"
},
{
"name": "https://github.com/miraheze/DataDump/commit/601688ee8e8808a23b102fa305b178f27cbd226d.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/DataDump/commit/601688ee8e8808a23b102fa305b178f27cbd226d.patch"
},
{
"name": "https://issue-tracker.miraheze.org/T12670",
"tags": [
"x_refsource_MISC"
],
"url": "https://issue-tracker.miraheze.org/T12670"
}
],
"source": {
"advisory": "GHSA-h8x8-24c7-r2rj",
"discovery": "UNKNOWN"
},
"title": "XSS in Special:DataDump when displaying dump status"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47612",
"datePublished": "2024-10-02T14:22:52.059Z",
"dateReserved": "2024-09-27T20:37:22.120Z",
"dateUpdated": "2024-10-02T15:12:04.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34701 (GCVE-0-2024-34701)
Vulnerability from cvelistv5 – Published: 2024-05-13 15:54 – Updated: 2024-08-02 02:59
VLAI?
Title
CreateWiki vulnerable to impersonation of wiki requester
Summary
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made. This allows them to go to that request entry's on Special:RequestWikiQueue on the wiki where their local user ID matches and take any actions that the wiki requester is allowed to take from there.
Commit 02e0f298f8d35155c39aa74193cb7b867432c5b8 fixes the issue. Important note about the fix: This vulnerability has been fixed by disabling access to the REST API and special pages outside of the wiki configured as the "global wiki" in `$wgCreateWikiGlobalWiki` in a user's MediaWiki settings.
As a workaround, it is possible to disable the special pages outside of one's own global wiki by doing something similar to `miraheze/mw-config` commit e5664995fbb8644f9a80b450b4326194f20f9ddc that is adapted to one's own setup. As for the REST API, before the fix, there wasn't any REST endpoint that allowed one to make writes. Regardless, it is possible to also disable it outside of the global wiki by using `$wgCreateWikiDisableRESTAPI` and `$wgConf` in the configuration for one's own wiki farm..
Severity ?
5.9 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | CreateWiki |
Affected:
< 02e0f298f8d35155c39aa74193cb7b867432c5b8
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:miraheze:createwiki:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "createwiki",
"vendor": "miraheze",
"versions": [
{
"lessThan": "02e0f298f8d35155c39aa74193cb7b867432c5b8 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T17:28:58.059975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T19:06:13.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:21.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64"
},
{
"name": "https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8"
},
{
"name": "https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191"
},
{
"name": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc"
},
{
"name": "https://issue-tracker.miraheze.org/T12011",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issue-tracker.miraheze.org/T12011"
},
{
"name": "https://issue-tracker.miraheze.org/T12102",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issue-tracker.miraheze.org/T12102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CreateWiki",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "\u003c 02e0f298f8d35155c39aa74193cb7b867432c5b8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CreateWiki is Miraheze\u0027s MediaWiki extension for requesting \u0026 creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made. This allows them to go to that request entry\u0027s on Special:RequestWikiQueue on the wiki where their local user ID matches and take any actions that the wiki requester is allowed to take from there.\n\nCommit 02e0f298f8d35155c39aa74193cb7b867432c5b8 fixes the issue. Important note about the fix: This vulnerability has been fixed by disabling access to the REST API and special pages outside of the wiki configured as the \"global wiki\" in `$wgCreateWikiGlobalWiki` in a user\u0027s MediaWiki settings.\n\nAs a workaround, it is possible to disable the special pages outside of one\u0027s own global wiki by doing something similar to `miraheze/mw-config` commit e5664995fbb8644f9a80b450b4326194f20f9ddc that is adapted to one\u0027s own setup. As for the REST API, before the fix, there wasn\u0027t any REST endpoint that allowed one to make writes. Regardless, it is possible to also disable it outside of the global wiki by using `$wgCreateWikiDisableRESTAPI` and `$wgConf` in the configuration for one\u0027s own wiki farm.."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-13T15:54:12.956Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64"
},
{
"name": "https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8"
},
{
"name": "https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191"
},
{
"name": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc"
},
{
"name": "https://issue-tracker.miraheze.org/T12011",
"tags": [
"x_refsource_MISC"
],
"url": "https://issue-tracker.miraheze.org/T12011"
},
{
"name": "https://issue-tracker.miraheze.org/T12102",
"tags": [
"x_refsource_MISC"
],
"url": "https://issue-tracker.miraheze.org/T12102"
}
],
"source": {
"advisory": "GHSA-89fx-77w7-rc64",
"discovery": "UNKNOWN"
},
"title": "CreateWiki vulnerable to impersonation of wiki requester"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34701",
"datePublished": "2024-05-13T15:54:12.956Z",
"dateReserved": "2024-05-07T13:53:00.132Z",
"dateUpdated": "2024-08-02T02:59:21.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29898 (GCVE-0-2024-29898)
Vulnerability from cvelistv5 – Published: 2024-03-28 13:43 – Updated: 2024-08-02 01:17
VLAI?
Title
Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis
Summary
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c.
Severity ?
4.9 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | CreateWiki |
Affected:
23415c17ffb4832667c06abcf1eadadefd4c8937
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-10T19:46:01.481261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:56:54.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:17:58.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v"
},
{
"name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq"
},
{
"name": "https://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CreateWiki",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "23415c17ffb4832667c06abcf1eadadefd4c8937"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CreateWiki is Miraheze\u0027s MediaWiki extension for requesting \u0026 creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-28T13:43:07.988Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v"
},
{
"name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq"
},
{
"name": "https://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c"
}
],
"source": {
"advisory": "GHSA-5rcv-cf88-gv8v",
"discovery": "UNKNOWN"
},
"title": "Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-29898",
"datePublished": "2024-03-28T13:43:07.988Z",
"dateReserved": "2024-03-21T15:12:08.998Z",
"dateUpdated": "2024-08-02T01:17:58.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29897 (GCVE-0-2024-29897)
Vulnerability from cvelistv5 – Published: 2024-03-28 13:40 – Updated: 2024-09-03 18:09
VLAI?
Title
CreateWiki Leak of suppressed wiki requests outside of `CreateWikiGlobalWiki`
Summary
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937.
Severity ?
4.9 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | CreateWiki |
Affected:
< 23415c17ffb4832667c06abcf1eadadefd4c8937
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:17:58.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq"
},
{
"name": "https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8"
},
{
"name": "https://issue-tracker.miraheze.org/F3093343",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issue-tracker.miraheze.org/F3093343"
},
{
"name": "https://issue-tracker.miraheze.org/T11999",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issue-tracker.miraheze.org/T11999"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T19:39:30.333387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:09:56.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CreateWiki",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "\u003c 23415c17ffb4832667c06abcf1eadadefd4c8937"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CreateWiki is Miraheze\u0027s MediaWiki extension for requesting \u0026 creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request\u0027s entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-28T13:40:43.231Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq"
},
{
"name": "https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8"
},
{
"name": "https://issue-tracker.miraheze.org/F3093343",
"tags": [
"x_refsource_MISC"
],
"url": "https://issue-tracker.miraheze.org/F3093343"
},
{
"name": "https://issue-tracker.miraheze.org/T11999",
"tags": [
"x_refsource_MISC"
],
"url": "https://issue-tracker.miraheze.org/T11999"
}
],
"source": {
"advisory": "GHSA-4rcf-3cj2-46mq",
"discovery": "UNKNOWN"
},
"title": "CreateWiki Leak of suppressed wiki requests outside of `CreateWikiGlobalWiki`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-29897",
"datePublished": "2024-03-28T13:40:43.231Z",
"dateReserved": "2024-03-21T15:12:08.998Z",
"dateUpdated": "2024-09-03T18:09:56.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29883 (GCVE-0-2024-29883)
Vulnerability from cvelistv5 – Published: 2024-03-26 13:37 – Updated: 2024-08-02 17:16
VLAI?
Title
CreateWiki's wiki request suppression ignores the suppression settings set by the suppressor
Summary
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it.
Severity ?
4.9 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | CreateWiki |
Affected:
< 0c7c4f93834349be8f5c2a678e9a85b4b1aa7bab
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:17:58.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9"
},
{
"name": "https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch"
},
{
"name": "https://issue-tracker.miraheze.org/T11993",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issue-tracker.miraheze.org/T11993"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T17:15:27.957415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:09.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CreateWiki",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "\u003c 0c7c4f93834349be8f5c2a678e9a85b4b1aa7bab"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CreateWiki is Miraheze\u0027s MediaWiki extension for requesting \u0026 creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T13:37:48.662Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9"
},
{
"name": "https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch"
},
{
"name": "https://issue-tracker.miraheze.org/T11993",
"tags": [
"x_refsource_MISC"
],
"url": "https://issue-tracker.miraheze.org/T11993"
}
],
"source": {
"advisory": "GHSA-8wjf-mxjg-j8p9",
"discovery": "UNKNOWN"
},
"title": "CreateWiki\u0027s wiki request suppression ignores the suppression settings set by the suppressor"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-29883",
"datePublished": "2024-03-26T13:37:48.662Z",
"dateReserved": "2024-03-21T15:12:08.997Z",
"dateUpdated": "2024-08-02T17:16:09.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25109 (GCVE-0-2024-25109)
Vulnerability from cvelistv5 – Published: 2024-02-09 22:25 – Updated: 2024-08-01 23:36
VLAI?
Title
Cross-Site Scripting in the extensions, settings, permissions and namespaces subpages of ManageWiki
Summary
ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the `columns` and `help` keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the `(editinterface)` right. Users should apply the code changes in commits `886cc6b94`, `2ef0f50880`, and `6942e8b2c` to resolve this vulnerability. There are no known workarounds for this vulnerability.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | ManageWiki |
Affected:
< 6942e8b2c01dc33c2c41a471f91ef3f6ca726073
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-12T17:18:51.399865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:35:29.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-4jr2-jhfm-2r84",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-4jr2-jhfm-2r84"
},
{
"name": "https://github.com/miraheze/ManageWiki/commit/2ef0f50880d7695ca2874dc8dd515b2b9bbb02e5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/miraheze/ManageWiki/commit/2ef0f50880d7695ca2874dc8dd515b2b9bbb02e5"
},
{
"name": "https://github.com/miraheze/ManageWiki/commit/6942e8b2c01dc33c2c41a471f91ef3f6ca726073",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/miraheze/ManageWiki/commit/6942e8b2c01dc33c2c41a471f91ef3f6ca726073"
},
{
"name": "https://github.com/miraheze/ManageWiki/commit/886cc6b94587f1c7387caa26ca9fe612e01836a0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/miraheze/ManageWiki/commit/886cc6b94587f1c7387caa26ca9fe612e01836a0"
},
{
"name": "https://issue-tracker.miraheze.org/T11812",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issue-tracker.miraheze.org/T11812"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageWiki",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "\u003c 6942e8b2c01dc33c2c41a471f91ef3f6ca726073"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the `columns` and `help` keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the `(editinterface)` right. Users should apply the code changes in commits `886cc6b94`, `2ef0f50880`, and `6942e8b2c` to resolve this vulnerability. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T22:25:48.347Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-4jr2-jhfm-2r84",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-4jr2-jhfm-2r84"
},
{
"name": "https://github.com/miraheze/ManageWiki/commit/2ef0f50880d7695ca2874dc8dd515b2b9bbb02e5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/ManageWiki/commit/2ef0f50880d7695ca2874dc8dd515b2b9bbb02e5"
},
{
"name": "https://github.com/miraheze/ManageWiki/commit/6942e8b2c01dc33c2c41a471f91ef3f6ca726073",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/ManageWiki/commit/6942e8b2c01dc33c2c41a471f91ef3f6ca726073"
},
{
"name": "https://github.com/miraheze/ManageWiki/commit/886cc6b94587f1c7387caa26ca9fe612e01836a0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/ManageWiki/commit/886cc6b94587f1c7387caa26ca9fe612e01836a0"
},
{
"name": "https://issue-tracker.miraheze.org/T11812",
"tags": [
"x_refsource_MISC"
],
"url": "https://issue-tracker.miraheze.org/T11812"
}
],
"source": {
"advisory": "GHSA-4jr2-jhfm-2r84",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in the extensions, settings, permissions and namespaces subpages of ManageWiki"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25109",
"datePublished": "2024-02-09T22:25:48.347Z",
"dateReserved": "2024-02-05T14:14:46.378Z",
"dateUpdated": "2024-08-01T23:36:21.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25107 (GCVE-0-2024-25107)
Vulnerability from cvelistv5 – Published: 2024-02-08 22:46 – Updated: 2025-06-17 21:29
VLAI?
Title
Cross-Site Scripting in WikiDiscover
Summary
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the `Language::date` function is used when making the human-readable timestamp for inclusion on the wiki_creation column. This function uses interface messages to translate the names of months and days. It uses the `->text()` output mode, returning unescaped interface messages. Since the output is not escaped later, the unescaped interface message is included on the output, resulting in an XSS vulnerability. Exploiting this on-wiki requires the `(editinterface)` right. This vulnerability has been addressed in commit `267e763a0`. Users are advised to update their installations. There are no known workarounds for this vulnerability.
Severity ?
4.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | WikiDiscover |
Affected:
< 267e763a0d7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/miraheze/WikiDiscover/security/advisories/GHSA-cfcf-94jv-455f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/miraheze/WikiDiscover/security/advisories/GHSA-cfcf-94jv-455f"
},
{
"name": "https://github.com/miraheze/WikiDiscover/commit/267e763a0d7460f001693c42f67717a0fc3fd6bb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/miraheze/WikiDiscover/commit/267e763a0d7460f001693c42f67717a0fc3fd6bb"
},
{
"name": "https://issue-tracker.miraheze.org/T11814",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issue-tracker.miraheze.org/T11814"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25107",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-09T17:17:16.716313Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:29.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WikiDiscover",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "\u003c 267e763a0d7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the `Language::date` function is used when making the human-readable timestamp for inclusion on the wiki_creation column. This function uses interface messages to translate the names of months and days. It uses the `-\u003etext()` output mode, returning unescaped interface messages. Since the output is not escaped later, the unescaped interface message is included on the output, resulting in an XSS vulnerability. Exploiting this on-wiki requires the `(editinterface)` right. This vulnerability has been addressed in commit `267e763a0`. Users are advised to update their installations. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-08T22:46:39.144Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/miraheze/WikiDiscover/security/advisories/GHSA-cfcf-94jv-455f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/WikiDiscover/security/advisories/GHSA-cfcf-94jv-455f"
},
{
"name": "https://github.com/miraheze/WikiDiscover/commit/267e763a0d7460f001693c42f67717a0fc3fd6bb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/WikiDiscover/commit/267e763a0d7460f001693c42f67717a0fc3fd6bb"
},
{
"name": "https://issue-tracker.miraheze.org/T11814",
"tags": [
"x_refsource_MISC"
],
"url": "https://issue-tracker.miraheze.org/T11814"
}
],
"source": {
"advisory": "GHSA-cfcf-94jv-455f",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in WikiDiscover"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25107",
"datePublished": "2024-02-08T22:46:39.144Z",
"dateReserved": "2024-02-05T14:14:46.378Z",
"dateUpdated": "2025-06-17T21:29:29.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24813 (GCVE-0-2022-24813)
Vulnerability from cvelistv5 – Published: 2022-04-04 17:40 – Updated: 2025-04-23 18:41
VLAI?
Title
Authentication Bypass Using an Alternate Path or Channel in CreateWiki
Summary
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the `master` branch of CreateWiki's GitHub repository.
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | CreateWiki |
Affected:
< d0ae79843d689832ccac765d6b1721e668d99ab9
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-9xvw-w66v-prvg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/miraheze/CreateWiki/commit/d0ae79843d689832ccac765d6b1721e668d99ab9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://phabricator.miraheze.org/T9018"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:56:04.159218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:41:50.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CreateWiki",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "\u003c d0ae79843d689832ccac765d6b1721e668d99ab9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CreateWiki is Miraheze\u0027s MediaWiki extension for requesting \u0026 creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the `master` branch of CreateWiki\u0027s GitHub repository."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T17:40:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-9xvw-w66v-prvg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/CreateWiki/commit/d0ae79843d689832ccac765d6b1721e668d99ab9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://phabricator.miraheze.org/T9018"
}
],
"source": {
"advisory": "GHSA-9xvw-w66v-prvg",
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass Using an Alternate Path or Channel in CreateWiki",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24813",
"STATE": "PUBLIC",
"TITLE": "Authentication Bypass Using an Alternate Path or Channel in CreateWiki"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CreateWiki",
"version": {
"version_data": [
{
"version_value": "\u003c d0ae79843d689832ccac765d6b1721e668d99ab9"
}
]
}
}
]
},
"vendor_name": "miraheze"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CreateWiki is Miraheze\u0027s MediaWiki extension for requesting \u0026 creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the `master` branch of CreateWiki\u0027s GitHub repository."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-9xvw-w66v-prvg",
"refsource": "CONFIRM",
"url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-9xvw-w66v-prvg"
},
{
"name": "https://github.com/miraheze/CreateWiki/commit/d0ae79843d689832ccac765d6b1721e668d99ab9",
"refsource": "MISC",
"url": "https://github.com/miraheze/CreateWiki/commit/d0ae79843d689832ccac765d6b1721e668d99ab9"
},
{
"name": "https://phabricator.miraheze.org/T9018",
"refsource": "MISC",
"url": "https://phabricator.miraheze.org/T9018"
}
]
},
"source": {
"advisory": "GHSA-9xvw-w66v-prvg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24813",
"datePublished": "2022-04-04T17:40:11.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:41:50.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39186 (GCVE-0-2021-39186)
Vulnerability from cvelistv5 – Published: 2021-09-01 20:35 – Updated: 2024-08-04 01:58
VLAI?
Title
Improper Input Validation in GlobalNewFiles
Summary
GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Prior to commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d, the username column of the GlobalNewFiles special page is vulnerable to a stored XSS. Commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d contains a patch. As a workaround, one may disallow <,> (or other characters required to insert html/js) from being used in account names so an XSS is not possible.
Severity ?
4.3 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | GlobalNewFiles |
Affected:
< cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:18.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/miraheze/GlobalNewFiles/security/advisories/GHSA-57p5-hqjq-h7vg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/miraheze/GlobalNewFiles/commit/cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://phabricator.miraheze.org/T7935"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GlobalNewFiles",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "\u003c cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Prior to commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d, the username column of the GlobalNewFiles special page is vulnerable to a stored XSS. Commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d contains a patch. As a workaround, one may disallow \u003c,\u003e (or other characters required to insert html/js) from being used in account names so an XSS is not possible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-06T11:43:26",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/GlobalNewFiles/security/advisories/GHSA-57p5-hqjq-h7vg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/GlobalNewFiles/commit/cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://phabricator.miraheze.org/T7935"
}
],
"source": {
"advisory": "GHSA-57p5-hqjq-h7vg",
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation in GlobalNewFiles",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-39186",
"STATE": "PUBLIC",
"TITLE": "Improper Input Validation in GlobalNewFiles"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalNewFiles",
"version": {
"version_data": [
{
"version_value": "\u003c cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d"
}
]
}
}
]
},
"vendor_name": "miraheze"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Prior to commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d, the username column of the GlobalNewFiles special page is vulnerable to a stored XSS. Commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d contains a patch. As a workaround, one may disallow \u003c,\u003e (or other characters required to insert html/js) from being used in account names so an XSS is not possible."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/miraheze/GlobalNewFiles/security/advisories/GHSA-57p5-hqjq-h7vg",
"refsource": "CONFIRM",
"url": "https://github.com/miraheze/GlobalNewFiles/security/advisories/GHSA-57p5-hqjq-h7vg"
},
{
"name": "https://github.com/miraheze/GlobalNewFiles/commit/cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d",
"refsource": "MISC",
"url": "https://github.com/miraheze/GlobalNewFiles/commit/cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d"
},
{
"name": "https://phabricator.miraheze.org/T7935",
"refsource": "MISC",
"url": "https://phabricator.miraheze.org/T7935"
}
]
},
"source": {
"advisory": "GHSA-57p5-hqjq-h7vg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-39186",
"datePublished": "2021-09-01T20:35:12",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-08-04T01:58:18.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32774 (GCVE-0-2021-32774)
Vulnerability from cvelistv5 – Published: 2021-07-20 00:35 – Updated: 2024-08-03 23:33
VLAI?
Title
Cross-Site Request Forgery (CSRF) in DataDump
Summary
DataDump is a MediaWiki extension that provides dumps of wikis. Prior to commit 67a82b76e186925330b89ace9c5fd893a300830b, DataDump had no protection against CSRF attacks so requests to generate or delete dumps could be forged. The vulnerability was patched in commit 67a82b76e186925330b89ace9c5fd893a300830b. There are no known workarounds. You must completely disable DataDump.
Severity ?
6.1 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/miraheze/DataDump/security/advisories/GHSA-29mh-4vhv-x8mr"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/miraheze/DataDump/commit/67a82b76e186925330b89ace9c5fd893a300830b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://phabricator.miraheze.org/T7593"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DataDump",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "\u003c 67a82b76e186925330b89ace9c5fd893a300830b"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataDump is a MediaWiki extension that provides dumps of wikis. Prior to commit 67a82b76e186925330b89ace9c5fd893a300830b, DataDump had no protection against CSRF attacks so requests to generate or delete dumps could be forged. The vulnerability was patched in commit 67a82b76e186925330b89ace9c5fd893a300830b. There are no known workarounds. You must completely disable DataDump."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T00:35:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/DataDump/security/advisories/GHSA-29mh-4vhv-x8mr"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/DataDump/commit/67a82b76e186925330b89ace9c5fd893a300830b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://phabricator.miraheze.org/T7593"
}
],
"source": {
"advisory": "GHSA-29mh-4vhv-x8mr",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Request Forgery (CSRF) in DataDump",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32774",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request Forgery (CSRF) in DataDump"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DataDump",
"version": {
"version_data": [
{
"version_value": "\u003c 67a82b76e186925330b89ace9c5fd893a300830b"
}
]
}
}
]
},
"vendor_name": "miraheze"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DataDump is a MediaWiki extension that provides dumps of wikis. Prior to commit 67a82b76e186925330b89ace9c5fd893a300830b, DataDump had no protection against CSRF attacks so requests to generate or delete dumps could be forged. The vulnerability was patched in commit 67a82b76e186925330b89ace9c5fd893a300830b. There are no known workarounds. You must completely disable DataDump."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/miraheze/DataDump/security/advisories/GHSA-29mh-4vhv-x8mr",
"refsource": "CONFIRM",
"url": "https://github.com/miraheze/DataDump/security/advisories/GHSA-29mh-4vhv-x8mr"
},
{
"name": "https://github.com/miraheze/DataDump/commit/67a82b76e186925330b89ace9c5fd893a300830b",
"refsource": "MISC",
"url": "https://github.com/miraheze/DataDump/commit/67a82b76e186925330b89ace9c5fd893a300830b"
},
{
"name": "https://phabricator.miraheze.org/T7593",
"refsource": "MISC",
"url": "https://phabricator.miraheze.org/T7593"
}
]
},
"source": {
"advisory": "GHSA-29mh-4vhv-x8mr",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32774",
"datePublished": "2021-07-20T00:35:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32722 (GCVE-0-2021-32722)
Vulnerability from cvelistv5 – Published: 2021-06-28 19:25 – Updated: 2024-08-03 23:33
VLAI?
Title
Uncontrolled Resource Consumption in GlobalNewFiles
Summary
GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb70568e20e961ea1cb70904454a671b1d are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves within a short space of time could overwhelm Database servers due to improper handling of load balancing and a lack of an appropriate index. As a workaround, one may avoid use of the extension unless additional rate limit at the MediaWiki level or via PoolCounter / MySQL is enabled. A patch is available in version 48be7adb70568e20e961ea1cb70904454a671b1d.
Severity ?
6.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | GlobalNewFiles |
Affected:
< 48be7adb70568e20e961ea1cb70904454a671b1d
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:54.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/miraheze/GlobalNewFiles/security/advisories/GHSA-cwv5-c938-5h5h"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://phabricator.miraheze.org/T7532"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/miraheze/GlobalNewFiles/commit/48be7adb70568e20e961ea1cb70904454a671b1d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/miraheze/GlobalNewFiles/pull/17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GlobalNewFiles",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "\u003c 48be7adb70568e20e961ea1cb70904454a671b1d"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb70568e20e961ea1cb70904454a671b1d are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves within a short space of time could overwhelm Database servers due to improper handling of load balancing and a lack of an appropriate index. As a workaround, one may avoid use of the extension unless additional rate limit at the MediaWiki level or via PoolCounter / MySQL is enabled. A patch is available in version 48be7adb70568e20e961ea1cb70904454a671b1d."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-22T10:41:22",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/GlobalNewFiles/security/advisories/GHSA-cwv5-c938-5h5h"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://phabricator.miraheze.org/T7532"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/GlobalNewFiles/commit/48be7adb70568e20e961ea1cb70904454a671b1d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/GlobalNewFiles/pull/17"
}
],
"source": {
"advisory": "GHSA-cwv5-c938-5h5h",
"discovery": "UNKNOWN"
},
"title": "Uncontrolled Resource Consumption in GlobalNewFiles",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32722",
"STATE": "PUBLIC",
"TITLE": "Uncontrolled Resource Consumption in GlobalNewFiles"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalNewFiles",
"version": {
"version_data": [
{
"version_value": "\u003c 48be7adb70568e20e961ea1cb70904454a671b1d"
}
]
}
}
]
},
"vendor_name": "miraheze"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb70568e20e961ea1cb70904454a671b1d are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves within a short space of time could overwhelm Database servers due to improper handling of load balancing and a lack of an appropriate index. As a workaround, one may avoid use of the extension unless additional rate limit at the MediaWiki level or via PoolCounter / MySQL is enabled. A patch is available in version 48be7adb70568e20e961ea1cb70904454a671b1d."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/miraheze/GlobalNewFiles/security/advisories/GHSA-cwv5-c938-5h5h",
"refsource": "CONFIRM",
"url": "https://github.com/miraheze/GlobalNewFiles/security/advisories/GHSA-cwv5-c938-5h5h"
},
{
"name": "https://phabricator.miraheze.org/T7532",
"refsource": "MISC",
"url": "https://phabricator.miraheze.org/T7532"
},
{
"name": "https://github.com/miraheze/GlobalNewFiles/commit/48be7adb70568e20e961ea1cb70904454a671b1d",
"refsource": "MISC",
"url": "https://github.com/miraheze/GlobalNewFiles/commit/48be7adb70568e20e961ea1cb70904454a671b1d"
},
{
"name": "https://github.com/miraheze/GlobalNewFiles/pull/17",
"refsource": "MISC",
"url": "https://github.com/miraheze/GlobalNewFiles/pull/17"
}
]
},
"source": {
"advisory": "GHSA-cwv5-c938-5h5h",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32722",
"datePublished": "2021-06-28T19:25:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:54.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29483 (GCVE-0-2021-29483)
Vulnerability from cvelistv5 – Published: 2021-04-28 21:25 – Updated: 2024-08-03 22:11
VLAI?
Title
wikiconfig API leaked private config variables set through ManageWiki
Summary
ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. If you are unable to patch set `$wgAPIListModules['wikiconfig'] = 'ApiQueryDisabled';` or remove private config as a workaround.
Severity ?
9.4 (Critical)
CWE
- CWE-200 - {"CWE-200":"Exposure of Sensitive Information to an Unauthorized Actor"}
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| miraheze | ManageWiki |
Affected:
< befb83c66f5b643e174897ea41a8a46679b26304
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:05.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-jmc9-rv2f-g8vv"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/miraheze/ManageWiki/commit/befb83c66f5b643e174897ea41a8a46679b26304"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://phabricator.miraheze.org/T7213"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageWiki",
"vendor": "miraheze",
"versions": [
{
"status": "affected",
"version": "\u003c befb83c66f5b643e174897ea41a8a46679b26304"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ManageWiki is an extension to the MediaWiki project. The \u0027wikiconfig\u0027 API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. If you are unable to patch set `$wgAPIListModules[\u0027wikiconfig\u0027] = \u0027ApiQueryDisabled\u0027;` or remove private config as a workaround."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "{\"CWE-200\":\"Exposure of Sensitive Information to an Unauthorized Actor\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T21:25:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-jmc9-rv2f-g8vv"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/miraheze/ManageWiki/commit/befb83c66f5b643e174897ea41a8a46679b26304"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://phabricator.miraheze.org/T7213"
}
],
"source": {
"advisory": "GHSA-jmc9-rv2f-g8vv",
"discovery": "UNKNOWN"
},
"title": "wikiconfig API leaked private config variables set through ManageWiki",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29483",
"STATE": "PUBLIC",
"TITLE": "wikiconfig API leaked private config variables set through ManageWiki"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageWiki",
"version": {
"version_data": [
{
"version_value": "\u003c befb83c66f5b643e174897ea41a8a46679b26304"
}
]
}
}
]
},
"vendor_name": "miraheze"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageWiki is an extension to the MediaWiki project. The \u0027wikiconfig\u0027 API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. If you are unable to patch set `$wgAPIListModules[\u0027wikiconfig\u0027] = \u0027ApiQueryDisabled\u0027;` or remove private config as a workaround."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-200\":\"Exposure of Sensitive Information to an Unauthorized Actor\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-jmc9-rv2f-g8vv",
"refsource": "CONFIRM",
"url": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-jmc9-rv2f-g8vv"
},
{
"name": "https://github.com/miraheze/ManageWiki/commit/befb83c66f5b643e174897ea41a8a46679b26304",
"refsource": "MISC",
"url": "https://github.com/miraheze/ManageWiki/commit/befb83c66f5b643e174897ea41a8a46679b26304"
},
{
"name": "https://phabricator.miraheze.org/T7213",
"refsource": "MISC",
"url": "https://phabricator.miraheze.org/T7213"
}
]
},
"source": {
"advisory": "GHSA-jmc9-rv2f-g8vv",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29483",
"datePublished": "2021-04-28T21:25:13",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:11:05.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}