CVE-2024-29883

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch	Patch
https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9	Patch Vendor Advisory
https://issue-tracker.miraheze.org/T11993	Exploit Issue Tracking
https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch	Patch
https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9	Patch Vendor Advisory
https://issue-tracker.miraheze.org/T11993	Exploit Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:miraheze:createwiki:*:*:*:*:*:*:*:*

History

02 Jan 2026, 13:37

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
First Time		Miraheze Miraheze createwiki
References	~~() https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch -~~	() https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch - Patch
References	~~() https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9 -~~	() https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9 - Patch, Vendor Advisory
References	~~() https://issue-tracker.miraheze.org/T11993 -~~	() https://issue-tracker.miraheze.org/T11993 - Exploit, Issue Tracking
CPE		cpe:2.3:a:miraheze:createwiki::::::::

21 Nov 2024, 09:08

Type	Values Removed	Values Added
References	~~() https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch -~~	() https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch -
References	~~() https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9 -~~	() https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9 -
References	~~() https://issue-tracker.miraheze.org/T11993 -~~	() https://issue-tracker.miraheze.org/T11993 -

26 Mar 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-26 14:15

Updated : 2026-01-02 13:37

NVD link : CVE-2024-29883

Mitre link : CVE-2024-29883

CVE.ORG link : CVE-2024-29883

JSON object : View

Products Affected

miraheze

createwiki

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

4.9 /10