CVE-2021-29483 – CVE-2021-29483 is an information disclosure vul... (How to Fix)

Q: What is the severity of CVE-2021-29483?

CVE-2021-29483 has a CVSS score of 9.4 (CRITICAL). CVE-2021-29483 is an information disclosure vulnerability in ManageWiki, a MediaWiki extension. It allows any user to access private configuration variables through the 'wikiconfig' API endpoint, potentially exposing sensitive system information. All MediaWiki installations using vulnerable versions of ManageWiki are affected.

📋 TL;DR

CVE-2021-29483 is an information disclosure vulnerability in ManageWiki, a MediaWiki extension. It allows any user to access private configuration variables through the 'wikiconfig' API endpoint, potentially exposing sensitive system information. All MediaWiki installations using vulnerable versions of ManageWiki are affected.

💻 Affected Systems

Products:

ManageWiki (MediaWiki extension)

Versions: All versions before commit befb83c66f5b643e174897ea41a8a46679b26304

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Affects any MediaWiki installation with ManageWiki extension enabled and using the vulnerable API endpoint.

📦 What is this software?

Managewiki by Miraheze

View all CVEs affecting Managewiki →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain access to sensitive configuration data including database credentials, API keys, authentication secrets, and other private variables, leading to complete system compromise.

🟠

Likely Case

Unauthorized users access private configuration variables, exposing sensitive information that could be used for further attacks or reconnaissance.

🟢

If Mitigated

With proper access controls and patching, only authorized administrators can access configuration data, maintaining confidentiality.

🌐 Internet-Facing: HIGH - The vulnerability affects API endpoints accessible to all users, making internet-facing instances particularly vulnerable.

🏢 Internal Only: MEDIUM - Internal instances are still vulnerable to insider threats or compromised internal accounts.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires only access to the 'wikiconfig' API endpoint, which is available to all users by default.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit befb83c66f5b643e174897ea41a8a46679b26304

Vendor Advisory: https://github.com/miraheze/ManageWiki/security/advisories/GHSA-jmc9-rv2f-g8vv

Restart Required: No

Instructions:

1. Update ManageWiki to commit befb83c66f5b643e174897ea41a8a46679b26304 or later. 2. Apply the patch from https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. 3. Clear MediaWiki cache if necessary.

🔧 Temporary Workarounds

Disable wikiconfig API

all

Disables the vulnerable API endpoint by setting it to ApiQueryDisabled

Add to LocalSettings.php: $wgAPIListModules['wikiconfig'] = 'ApiQueryDisabled';

🧯 If You Can't Patch

Remove all private configuration variables from ManageWiki settings
Implement network-level access controls to restrict API endpoint access to authorized users only

🔍 How to Verify

Check if Vulnerable:

Access the API endpoint at /api.php?action=query&list=wikiconfig and check if private configuration variables are returned.

Check Version:

Check ManageWiki version in MediaWiki extension directory or via git log in the extension folder.

Verify Fix Applied:

After patching, access the same API endpoint and verify private configuration variables are no longer returned.

📡 Detection & Monitoring

Log Indicators:

Unusual access patterns to /api.php with action=query&list=wikiconfig
Multiple requests to wikiconfig API from single or multiple users

Network Indicators:

HTTP requests to API endpoint with wikiconfig parameter from unauthorized IPs

SIEM Query:

source="web_server" AND uri_path="/api.php" AND query_string="*wikiconfig*"

📊 Metadata

CVE ID: CVE-2021-29483

CVSS v3 Score: 9.4 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

CWE: CWE-200

Published: April 28, 2021

Last Updated: November 21, 2024

🔗 References

https://github.com/miraheze/ManageWiki/commit/befb83c66f5b643e174897ea41a8a46679b26304 Patch,Third Party Advisory
https://github.com/miraheze/ManageWiki/security/advisories/GHSA-jmc9-rv2f-g8vv Mitigation,Patch,Third Party Advisory
https://phabricator.miraheze.org/T7213 Issue Tracking,Third Party Advisory
https://github.com/miraheze/ManageWiki/commit/befb83c66f5b643e174897ea41a8a46679b26304 Patch,Third Party Advisory
https://github.com/miraheze/ManageWiki/security/advisories/GHSA-jmc9-rv2f-g8vv Mitigation,Patch,Third Party Advisory
https://phabricator.miraheze.org/T7213 Issue Tracking,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-29483, you might also want to check these: