Vulnerability in ImportDump MediaWiki Extension Allows User Impersonation
CVE-2024-47816
Currently unrated
What is CVE-2024-47816?
The ImportDump extension for MediaWiki is susceptible to a user impersonation vulnerability due to the reuse of local actor IDs across different wikis. This flaw allows a malicious user from one wiki to impersonate a legitimate requester from another wiki, enabling them to create, edit, and access private comments linked to that original request. A patch for this issue has been implemented in commit '5c91dfc', and all users are strongly encouraged to update their installations. For those unable to update, it is recommended to temporarily disable the relevant special page on their global wiki to mitigate any risks associated with this vulnerability.
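The ID collision described above, as an added example that models the flaw in plain Python; it is not the extension's code and not the change made in commit '5c91dfc'. The class names, function names, wiki names and sample accounts are hypothetical, and scoping the ID by its issuing wiki is one assumed way to separate the identities.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Actor:
    wiki: str      # wiki whose actor table issued the ID
    actor_id: int  # local ID, unique only within `wiki`
    name: str

@dataclass(frozen=True)
class ImportRequest:
    request_id: int
    origin_wiki: str  # wiki the requester filed from
    actor_id: int     # requester's actor ID on origin_wiki

def is_requester_flawed(req, viewer):
    # Compares bare local IDs and ignores which wiki issued them.
    return req.actor_id == viewer.actor_id

def is_requester_scoped(req, viewer):
    # Assumed mitigation: an ID only matches together with its issuing wiki.
    return (req.origin_wiki, req.actor_id) == (viewer.wiki, viewer.actor_id)

def audit_collisions(requests, actors):
    """List (request_id, name, wiki) for accounts the flawed check accepts
    as requester although they come from a different wiki."""
    return [
        (r.request_id, a.name, a.wiki)
        for r in requests
        for a in actors
        if is_requester_flawed(r, a) and not is_requester_scoped(r, a)
    ]

# Constructed sample data: two wikis that both issued actor ID 7.
ALICE = Actor("wiki_a", 7, "Alice")
MALLORY = Actor("wiki_b", 7, "Mallory")
BOB = Actor("wiki_b", 8, "Bob")
REQUEST = ImportRequest(1, "wiki_a", 7)

if __name__ == "__main__":
    for viewer in (ALICE, MALLORY, BOB):
        print(viewer.name, is_requester_flawed(REQUEST, viewer),
              is_requester_scoped(REQUEST, viewer))
    print(audit_collisions([REQUEST], [ALICE, MALLORY, BOB]))
```

The audit function shows the kind of cross-check an operator can run over stored requests to see which accounts on other wikis share a requester's numeric ID.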