Unrated severityNVD Advisory· Published Apr 28, 2021· Updated Aug 3, 2024
wikiconfig API leaked private config variables set through ManageWiki
CVE-2021-29483
Description
ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. If you are unable to patch set $wgAPIListModules['wikiconfig'] = 'ApiQueryDisabled'; or remove private config as a workaround.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- miraheze/ManageWikiv5Range: < befb83c66f5b643e174897ea41a8a46679b26304
Patches
Vulnerability mechanics
References
3- github.com/miraheze/ManageWiki/commit/befb83c66f5b643e174897ea41a8a46679b26304mitrex_refsource_MISC
- github.com/miraheze/ManageWiki/security/advisories/GHSA-jmc9-rv2f-g8vvmitrex_refsource_CONFIRM
- phabricator.miraheze.org/T7213mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.