Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-29898

Published: 28/03/2024 Updated: 28/03/2024

Vulnerability Summary

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c.

References

https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8vhttps://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mqhttps://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149chttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook