An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 17 Jun 2025 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Fedoraproject; Fedoraproject fedora; Mediawiki; Mediawiki mediawiki |
| CPEs | | `cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*`; `cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*` |
| Vendors & Products | | Fedoraproject; Fedoraproject fedora; Mediawiki; Mediawiki mediawiki |

Wed, 21 Aug 2024 21:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-352 |
| Metrics | | cvssV3_1: `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` |


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-21T20:00:39.261Z

Reserved: 2024-05-05T00:00:00

Link: CVE-2024-34502

Vulnrichment

Updated: 2024-08-02T02:51:11.473Z

NVD

Status: Analyzed

Published: 2024-05-05T19:15:07.197

Modified: 2025-06-17T14:53:28.127

Link: CVE-2024-34502

Redhat

Severity: Moderate

Public Date: 2024-05-05T00:00:00Z

Links: CVE-2024-34502 - Bugzilla

OpenCVE Enrichment

No data.