VYPR
Moderate severity · NVD Advisory · Published Oct 4, 2024 · Updated Dec 6, 2024

CVE-2024-47913


Description

An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

MediaWiki AbuseFilter API fails to enforce the abusefilter-log-detail permission, allowing unauthorized users to match filter conditions against log entries.

Root Cause

CVE-2024-47913 is an authorization bypass vulnerability in the AbuseFilter extension for MediaWiki. The abusefiltercheckmatch API endpoint does not verify that the caller possesses the abusefilter-log-detail right before matching a filter condition against the details of logged AbuseFilter actions [1][3]. This missing permission check was introduced in code changes prior to MediaWiki versions 1.39.9, 1.40.4, 1.41.3, and 1.42.2 [1].

Exploitation

The vulnerability can be exploited by any API caller with network access to a vulnerable MediaWiki instance. The attacker does not need special privileges beyond the ability to make API requests; they simply call the abusefiltercheckmatch endpoint with a crafted filter condition and a reference to an AbuseFilter log entry [1][3]. Because the permission check is absent, the API will return a result indicating whether the given condition matches the log entry's details, regardless of the caller's authorization to view those details.

Impact

An unauthenticated or low-privileged API caller can effectively probe AbuseFilter logs to learn information about filtered actions. This could reveal details such as the target IP addresses of temporary users, patterns of abuse, or other sensitive data that is normally restricted to users with the abusefilter-log-detail right [3]. The information leakage can be used to infer which filters are active or to correlate actions with specific user sessions.

Mitigation

The vulnerability has been addressed in MediaWiki point releases: 1.39.9, 1.40.4 (for the 1.40.x branch), 1.41.3, and 1.42.2 [1]. Administrators are strongly advised to upgrade to these patched versions immediately. No workarounds are documented; the fix ensures that the abusefiltercheckmatch API properly checks the abusefilter-log-detail right before processing any match against log details [3].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
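
To review whether the endpoint was queried against log entries before the upgrade, the following added example (not part of the advisory or of MediaWiki) scans web server access logs for abusefiltercheckmatch requests that reference a log entry. It assumes combined log format and GET query strings; the `logid` parameter name is taken from the MediaWiki API documentation for this module, not from this page, and the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (documentation-range IPs).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Oct/2024:10:00:01 +0000] "GET /w/api.php?action=abusefiltercheckmatch&logid=501&format=json HTTP/1.1" 200 64 "-" "curl/8.0"
192.0.2.10 - - [01/Oct/2024:10:00:02 +0000] "GET /w/api.php?action=abusefiltercheckmatch&logid=502&format=json HTTP/1.1" 200 64 "-" "curl/8.0"
198.51.100.7 - - [01/Oct/2024:10:05:00 +0000] "GET /w/api.php?action=query&meta=siteinfo HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Oct/2024:10:06:00 +0000] "GET /w/api.php?action=abusefiltercheckmatch&vars=%7B%7D HTTP/1.1" 200 70 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Oct/2024:10:07:00 +0000] "POST /w/api.php HTTP/1.1" 200 64 "-" "python-requests/2.31"
"""

# client IP, then method and request target from the quoted request line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3}')

def checkmatch_log_probes(log_text):
    """Return (hits, opaque_posts).

    hits maps client IP -> set of logid values sent to abusefiltercheckmatch.
    opaque_posts counts POSTs to api.php per IP: their parameters travel in
    the request body, so an access log cannot show which module was called.
    """
    hits, opaque_posts = {}, Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/api.php"):
            continue
        if method == "POST" and not url.query:
            opaque_posts[ip] += 1
            continue
        params = parse_qs(url.query)
        # Only matches against a logged AbuseFilter entry touch restricted log
        # details; checks against caller-supplied variables are not flagged.
        if "abusefiltercheckmatch" in params.get("action", []) and "logid" in params:
            hits.setdefault(ip, set()).update(params["logid"])
    return hits, opaque_posts

if __name__ == "__main__":
    found, posts = checkmatch_log_probes(SAMPLE_LOG)
    for ip, ids in sorted(found.items()):
        print(f"{ip}: {len(ids)} log entries referenced: {sorted(ids)}")
    for ip, n in sorted(posts.items()):
        print(f"{ip}: {n} POST(s) to api.php with parameters not visible in this log")
```

Flagged callers still need to be compared against accounts that hold the abusefilter-log-detail right, since requests from those accounts are authorized.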

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                              Affected versions      Patched versions
mediawiki/abuse-filter (Packagist)   < 1.39.9               1.39.9
mediawiki/abuse-filter (Packagist)   >= 1.40.0, < 1.41.3    1.41.3
mediawiki/abuse-filter (Packagist)   >= 1.42.0, < 1.42.2    1.42.2
