Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CreateWiki Leak of suppressed wiki requests outside of `CreateWikiGlobalWiki`
Vulnerability Description
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
CreateWiki 安全漏洞
Vulnerability Description
CreateWiki是Miraheze的 MediaWiki 扩展,用于请求和创建 wiki。 CreateWiki存在安全漏洞。攻击者利用该漏洞可以访问受抑制的 wiki 请求。
CVSS Information
N/A
Vulnerability Type
N/A