CVE-2024-47816

CVSS v3 Score: 6.4 (Medium)

Vulnerability Description

ImportDump is a MediaWiki extension designed to automate user import requests. A user's local actor ID is stored in the database to record who made which request. Because that ID is local to each wiki, a user on another wiki who happens to have the same actor ID as someone on the central wiki can act as if they were the original requester. This can be abused to create new comments, edit the request, and view the request if it is marked private. This issue has been addressed in commit `5c91dfc` and all users are advised to update. Users unable to update may disable the special page outside of their global wiki. See `miraheze/mw-config@e566499` for details on that.

CVSS:6.5(Medium)

A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/all.api of the component Admin Module. Th...

CVSS:6.5(Medium)

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.

CVSS:6.7(Medium)

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows r...

CVSS:5.7(Medium)

An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected C...

CVSS:5.4(Medium)

Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing. This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1....

CVSS:5.4(Medium)

IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.