CVE-2021-29483
Summary
| CVE | CVE-2021-29483 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-04-28 22:15:00 UTC |
| Updated | 2021-05-08 02:26:00 UTC |
| Description | ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. If you are unable to patch set `$wgAPIListModules['wikiconfig'] = 'ApiQueryDisabled';` or remove private config as a workaround. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Miraheze | Managewiki | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ⚓ T7213 ManageWiki API allows viewing configs that shouldn't be viewed publicly | MISC | phabricator.miraheze.org | |
| 'wikiconfig' API leaked private config variables set through ManageWiki · Advisory · miraheze/ManageWiki · GitHub | CONFIRM | github.com | |
| Merge pull request from GHSA-jmc9-rv2f-g8vv · miraheze/ManageWiki@befb83c · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.