add CVE-2024-47913 for mediawiki abusefilter extension

Signed-off-by: Weston Steimel <[email protected]>
anchore · Oct 8, 2024 · 5efa8fb · 5efa8fb
1 parent 478b0b9
commit 5efa8fb
Showing 1 changed file with 48 additions and 0 deletions.
diff --git a/data/anchore/2024/CVE-2024-47913.json b/data/anchore/2024/CVE-2024-47913.json
@@ -0,0 +1,48 @@
+{
+  "additionalMetadata": {
+    "cna": "mitre",
+    "cveId": "CVE-2024-47913",
+    "description": "An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1076855",
+      "https://phabricator.wikimedia.org/T372998"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:mediawiki:abusefilter:*:*:*:*:*:mediawiki:*:*"
+        ],
+        "product": "AbuseFilter",
+        "repo": "https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter",
+        "vendor": "MediaWiki",
+        "versions": [
+          {
+            "lessThan": "1.39.9",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "1.41.3",
+            "status": "affected",
+            "version": "1.40",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "1.42.2",
+            "status": "affected",
+            "version": "1.42",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}