PT-2021-18245 · Miraheze · Managewiki

Universal-Omega · Published 2021-04-28 · Updated 2021-05-08 · CVE-2021-29483

CVSS v3.1: 9.4 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Name of the Vulnerable Software and Affected Versions: ManageWiki (affected versions not specified)
Description: The issue concerns the ManageWiki extension to the MediaWiki project, where the 'wikiconfig' API endpoint leaked private configuration variables set through the ManageWiki variable to all users.
Recommendations: For all affected versions, consider setting $wgAPIListModules['wikiconfig'] = 'ApiQueryDisabled'; or removing private config as a workaround until a patch is applied. Apply the patch available at https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch to resolve the issue.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2021-29483
GHSA-JMC9-RV2F-G8VV

Affected Products

Managewiki