CVE-2024-34701 (GCVE-0-2024-34701)
Vulnerability from cvelistv5
Published
2024-05-13 15:54
Modified
2024-08-02 02:59
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE
  • CWE-863 - Incorrect Authorization
Summary
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made. This allows them to go to that request entry's on Special:RequestWikiQueue on the wiki where their local user ID matches and take any actions that the wiki requester is allowed to take from there. Commit 02e0f298f8d35155c39aa74193cb7b867432c5b8 fixes the issue. Important note about the fix: This vulnerability has been fixed by disabling access to the REST API and special pages outside of the wiki configured as the "global wiki" in `$wgCreateWikiGlobalWiki` in a user's MediaWiki settings. As a workaround, it is possible to disable the special pages outside of one's own global wiki by doing something similar to `miraheze/mw-config` commit e5664995fbb8644f9a80b450b4326194f20f9ddc that is adapted to one's own setup. As for the REST API, before the fix, there wasn't any REST endpoint that allowed one to make writes. Regardless, it is possible to also disable it outside of the global wiki by using `$wgCreateWikiDisableRESTAPI` and `$wgConf` in the configuration for one's own wiki farm..
References
Impacted products
Vendor Product Version
miraheze CreateWiki Version: < 02e0f298f8d35155c39aa74193cb7b867432c5b8
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:miraheze:createwiki:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "createwiki",
            "vendor": "miraheze",
            "versions": [
              {
                "lessThan": "02e0f298f8d35155c39aa74193cb7b867432c5b8 ",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34701",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T17:28:58.059975Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T19:06:13.272Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:59:21.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64"
          },
          {
            "name": "https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8"
          },
          {
            "name": "https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191"
          },
          {
            "name": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc"
          },
          {
            "name": "https://issue-tracker.miraheze.org/T12011",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issue-tracker.miraheze.org/T12011"
          },
          {
            "name": "https://issue-tracker.miraheze.org/T12102",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issue-tracker.miraheze.org/T12102"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CreateWiki",
          "vendor": "miraheze",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 02e0f298f8d35155c39aa74193cb7b867432c5b8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "CreateWiki is Miraheze\u0027s MediaWiki extension for requesting \u0026 creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made. This allows them to go to that request entry\u0027s on Special:RequestWikiQueue on the wiki where their local user ID matches and take any actions that the wiki requester is allowed to take from there.\n\nCommit 02e0f298f8d35155c39aa74193cb7b867432c5b8 fixes the issue. Important note about the fix: This vulnerability has been fixed by disabling access to the REST API and special pages outside of the wiki configured as the \"global wiki\" in `$wgCreateWikiGlobalWiki` in a user\u0027s MediaWiki settings.\n\nAs a workaround, it is possible to disable the special pages outside of one\u0027s own global wiki by doing something similar to `miraheze/mw-config` commit e5664995fbb8644f9a80b450b4326194f20f9ddc that is adapted to one\u0027s own setup. As for the REST API, before the fix, there wasn\u0027t any REST endpoint that allowed one to make writes. Regardless, it is possible to also disable it outside of the global wiki by using `$wgCreateWikiDisableRESTAPI` and `$wgConf` in the configuration for one\u0027s own wiki farm.."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-13T15:54:12.956Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64"
        },
        {
          "name": "https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8"
        },
        {
          "name": "https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191"
        },
        {
          "name": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc"
        },
        {
          "name": "https://issue-tracker.miraheze.org/T12011",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issue-tracker.miraheze.org/T12011"
        },
        {
          "name": "https://issue-tracker.miraheze.org/T12102",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issue-tracker.miraheze.org/T12102"
        }
      ],
      "source": {
        "advisory": "GHSA-89fx-77w7-rc64",
        "discovery": "UNKNOWN"
      },
      "title": "CreateWiki vulnerable to impersonation of wiki requester"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-34701",
    "datePublished": "2024-05-13T15:54:12.956Z",
    "dateReserved": "2024-05-07T13:53:00.132Z",
    "dateUpdated": "2024-08-02T02:59:21.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64\", \"name\": \"https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8\", \"name\": \"https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191\", \"name\": \"https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc\", \"name\": \"https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://issue-tracker.miraheze.org/T12011\", \"name\": \"https://issue-tracker.miraheze.org/T12011\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://issue-tracker.miraheze.org/T12102\", \"name\": \"https://issue-tracker.miraheze.org/T12102\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T02:59:21.802Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-34701\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-14T17:28:58.059975Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:miraheze:createwiki:-:*:*:*:*:*:*:*\"], \"vendor\": \"miraheze\", \"product\": \"createwiki\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"02e0f298f8d35155c39aa74193cb7b867432c5b8 \", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-14T17:09:30.460Z\"}}], \"cna\": {\"title\": \"CreateWiki vulnerable to impersonation of wiki requester\", \"source\": {\"advisory\": \"GHSA-89fx-77w7-rc64\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"miraheze\", \"product\": \"CreateWiki\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 02e0f298f8d35155c39aa74193cb7b867432c5b8\"}]}], \"references\": [{\"url\": \"https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64\", \"name\": \"https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8\", \"name\": \"https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191\", \"name\": \"https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc\", \"name\": \"https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://issue-tracker.miraheze.org/T12011\", \"name\": \"https://issue-tracker.miraheze.org/T12011\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://issue-tracker.miraheze.org/T12102\", \"name\": \"https://issue-tracker.miraheze.org/T12102\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"CreateWiki is Miraheze\u0027s MediaWiki extension for requesting \u0026 creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made. This allows them to go to that request entry\u0027s on Special:RequestWikiQueue on the wiki where their local user ID matches and take any actions that the wiki requester is allowed to take from there.\\n\\nCommit 02e0f298f8d35155c39aa74193cb7b867432c5b8 fixes the issue. Important note about the fix: This vulnerability has been fixed by disabling access to the REST API and special pages outside of the wiki configured as the \\\"global wiki\\\" in `$wgCreateWikiGlobalWiki` in a user\u0027s MediaWiki settings.\\n\\nAs a workaround, it is possible to disable the special pages outside of one\u0027s own global wiki by doing something similar to `miraheze/mw-config` commit e5664995fbb8644f9a80b450b4326194f20f9ddc that is adapted to one\u0027s own setup. As for the REST API, before the fix, there wasn\u0027t any REST endpoint that allowed one to make writes. Regardless, it is possible to also disable it outside of the global wiki by using `$wgCreateWikiDisableRESTAPI` and `$wgConf` in the configuration for one\u0027s own wiki farm..\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863: Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-05-13T15:54:12.956Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-34701\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T02:59:21.802Z\", \"dateReserved\": \"2024-05-07T13:53:00.132Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-05-13T15:54:12.956Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.