Authentication Bypass Using an Alternate Path or Channel in CreateWiki
CVE-2022-24813

5.3 MEDIUM

Key Information:

Vendor: Miraheze
CVE Published: 4 April 2022

What is CVE-2022-24813?

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the master branch of CreateWiki's GitHub repository.

Affected Version(s)

CreateWiki < d0ae79843d689832ccac765d6b1721e668d99ab9

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
