Medium severity4.9OSV Advisory· Published Mar 28, 2024· Updated Apr 15, 2026

CVE-2024-29897

Description

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit 6bc0685. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937.

Affected products

Miraheze/Mw ConfigOSV

Patches

fb3e68bcef45

https://github.com/miraheze/mw-configvia osv

commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

News mentions

No linked articles in our index yet.

cvss	0.319
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000