CVE-2024-47816 (GCVE-0-2024-47816)
Vulnerability from cvelistv5
Published
2024-10-09 18:19
Modified
2024-10-09 19:44
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
CWE
  • CWE-282 - Improper Ownership Management
Summary
ImportDump is a mediawiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can act as if they're the original wiki requester. This can be abused to create new comments, edit the request, and view the request if it's marked private. This issue has been addressed in commit `5c91dfc` and all users are advised to update. Users unable to update may disable the special page outside of their global wiki. See `miraheze/mw-config@e566499` for details on that.
References
Impacted products
Vendor Product Version
miraheze ImportDump Version: commits prior to 5c91dfc
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47816",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T19:44:13.313675Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-09T19:44:51.132Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImportDump",
          "vendor": "miraheze",
          "versions": [
            {
              "status": "affected",
              "version": "commits prior to 5c91dfc"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ImportDump is a mediawiki extension designed to automate user import requests. A user\u0027s local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can act as if they\u0027re the original wiki requester. This can be abused to create new comments, edit the request, and view the request if it\u0027s marked private. This issue has been addressed in commit `5c91dfc` and all users are advised to update. Users unable to update may disable the special page outside of their global wiki. See `miraheze/mw-config@e566499` for details on that."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-282",
              "description": "CWE-282: Improper Ownership Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T18:19:17.108Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/miraheze/ImportDump/security/advisories/GHSA-jjmq-mg36-6387",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/miraheze/ImportDump/security/advisories/GHSA-jjmq-mg36-6387"
        },
        {
          "name": "https://github.com/miraheze/ImportDump/commit/5c91dfce78320e717516ee65ef5a05f01979ee6c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/miraheze/ImportDump/commit/5c91dfce78320e717516ee65ef5a05f01979ee6c"
        },
        {
          "name": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc"
        },
        {
          "name": "https://issue-tracker.miraheze.org/T12701",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issue-tracker.miraheze.org/T12701"
        }
      ],
      "source": {
        "advisory": "GHSA-jjmq-mg36-6387",
        "discovery": "UNKNOWN"
      },
      "title": "Users can impersonate import requesters if their actor IDs coincide in ImportDump"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-47816",
    "datePublished": "2024-10-09T18:19:17.108Z",
    "dateReserved": "2024-10-03T14:06:12.638Z",
    "dateUpdated": "2024-10-09T19:44:51.132Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47816\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-09T19:44:13.313675Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-09T19:44:35.555Z\"}}], \"cna\": {\"title\": \"Users can impersonate import requesters if their actor IDs coincide in ImportDump\", \"source\": {\"advisory\": \"GHSA-jjmq-mg36-6387\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"miraheze\", \"product\": \"ImportDump\", \"versions\": [{\"status\": \"affected\", \"version\": \"commits prior to 5c91dfc\"}]}], \"references\": [{\"url\": \"https://github.com/miraheze/ImportDump/security/advisories/GHSA-jjmq-mg36-6387\", \"name\": \"https://github.com/miraheze/ImportDump/security/advisories/GHSA-jjmq-mg36-6387\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/miraheze/ImportDump/commit/5c91dfce78320e717516ee65ef5a05f01979ee6c\", \"name\": \"https://github.com/miraheze/ImportDump/commit/5c91dfce78320e717516ee65ef5a05f01979ee6c\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc\", \"name\": \"https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://issue-tracker.miraheze.org/T12701\", \"name\": \"https://issue-tracker.miraheze.org/T12701\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"ImportDump is a mediawiki extension designed to automate user import requests. A user\u0027s local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can act as if they\u0027re the original wiki requester. This can be abused to create new comments, edit the request, and view the request if it\u0027s marked private. This issue has been addressed in commit `5c91dfc` and all users are advised to update. Users unable to update may disable the special page outside of their global wiki. See `miraheze/mw-config@e566499` for details on that.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-282\", \"description\": \"CWE-282: Improper Ownership Management\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-10-09T18:19:17.108Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-47816\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-09T19:44:51.132Z\", \"dateReserved\": \"2024-10-03T14:06:12.638Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-10-09T18:19:17.108Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.