PT-2024-23118 · Mediawiki · Createwiki

Orangestar · Published 2024-03-28 · Updated 2024-03-28 · CVE-2024-29897

CVSS v3.1

4.9 Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CreateWiki versions prior to 23415c17ffb4832667c06abcf1eadadefd4c8937

Description

The issue affects CreateWiki, a MediaWiki extension used for requesting and creating wikis on Miraheze. Users with specific rights, such as delete or suppressrevision, on any wiki in the farm can access suppressed wiki requests by visiting the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The vulnerability was briefly present in the REST API but was quickly corrected.

Recommendations

For versions prior to 23415c17ffb4832667c06abcf1eadadefd4c8937, update to a version that includes the fix to resolve the issue. As a temporary workaround, consider restricting access to the Special:RequestWikiQueue page for users with delete or suppressrevision rights until the update is applied.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2024-29897
GHSA-4RCF-3CJ2-46MQ

Affected Products

Createwiki