vulnerability

MediaWiki: CVE-2024-47913: Insertion of Sensitive Information into Log File

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Oct 4, 2024

Added

Jun 20, 2025

Modified

May 6, 2026

Description

An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.

Solution

mediawiki-upgrade-latest

References

CVE-2024-47913
https://attackerkb.com/topics/CVE-2024-47913
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1076855
https://phabricator.wikimedia.org/T372998
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-3175
CWE-532
EUVD-EUVD-2024-3175

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report