CVE-2021-29483
CRITICALMiraheze Managewiki < 2021-04-28 - Information Disclosure
Title source: ruleDescription
ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. If you are unable to patch set `$wgAPIListModules['wikiconfig'] = 'ApiQueryDisabled';` or remove private config as a workaround.
References (3)
Core 3
Core References
Mitigation, Patch, Third Party Advisory x_refsource_confirm
https://github.com/miraheze/ManageWiki/security/advisories/GHSA-jmc9-rv2f-g8vv
Patch, Third Party Advisory x_refsource_misc
https://github.com/miraheze/ManageWiki/commit/befb83c66f5b643e174897ea41a8a46679b26304
Issue Tracking, Third Party Advisory x_refsource_misc
https://phabricator.miraheze.org/T7213
Scores
CVSS v3
9.4
EPSS
0.0044
EPSS Percentile
63.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Details
CWE
CWE-200
Status
published
Products (1)
miraheze/managewiki
< 2021-04-28
Published
Apr 28, 2021
Tracked Since
Feb 18, 2026