CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c.
References
Configurations
No configuration.
History
28 Mar 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-28 14:15
Updated : 2024-03-28 16:07
NVD link : CVE-2024-29898
Mitre link : CVE-2024-29898
CVE.ORG link : CVE-2024-29898
JSON object : View
Products Affected
No product.
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor