CVE-2024-47816
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-47816 is a vulnerability in the ImportDump MediaWiki extension that allows users from different wikis to impersonate original requesters by exploiting shared local actor IDs. It is rated medium severity, with a potentially high integrity impact, because it permits unauthorized actions such as creating new comments, editing requests, and accessing private requests. Affected products include those that use the ImportDump extension. Users are advised to remediate the issue by updating to the latest version, or by disabling the special page if an update is not possible. Exploitation requires low privileges and no user interaction, and it can be carried out over a network, which makes it accessible to attackers. Details on remediation can be found in commit 5c91dfc on GitHub and in the related advisories.