CVE-2024-40597

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 7, 2024

Updated: Jul 8, 2024

CWE ID 200

Summary

CVE-2024-40597 is a vulnerability affecting the CheckUser extension in MediaWiki versions up to 1.42.1. This issue permits the exposure of previously suppressed information in log events. The log_deleted attribute, intended to hide certain data, is disregarded in this vulnerability, potentially leading to unintended information disclosure. MediaWiki users running unpatched versions are advised to update as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/w3FXe9
https://www.cve.org/CVERecord?id=CVE-2024-40597
https://nvd.nist.gov/vuln/detail/CVE-2024-40597

Back to Vulnerability Database

CVE-2024-40597

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations