CVE-2022-24813: CWE-288: Authentication Bypass Using an Alternate Path or Channel in miraheze CreateWiki
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the `master` branch of CreateWiki's GitHub repository.
AI Analysis
Technical Summary
CVE-2022-24813 is an authentication bypass in CreateWiki, the MediaWiki extension Miraheze uses to accept and process requests for new wikis. The weakness is CWE-288 (Authentication Bypass Using an Alternate Path or Channel), a child of CWE-287 (Improper Authentication). Per the advisory, an unauthenticated client can leave a comment on a wiki request by sending a POST directly to Special:RequestWikiQueue. The phrase "when sent directly via POST" points at the usual shape of this bug class: the rendered page does not offer the comment action to anonymous visitors, but the code that processes the submitted form does not re-check who is submitting, so the user interface is the only gate, and anyone who crafts the request by hand walks around it. The effect is that comments on queued requests, which are meant to come from logged-in users, can be posted anonymously. Versions of CreateWiki before commit d0ae79843d689832ccac765d6b1721e668d99ab9 are affected; the fix is in the master branch of the CreateWiki GitHub repository. Because the advisory identifies the fix by commit rather than by a release number, remediation means deploying a checkout of master that contains that commit. No exploitation in the wild has been reported. The issue is confined to the extension and does not affect MediaWiki core, but any site that deploys CreateWiki carries it, not only Miraheze's own wiki farm. The attack needs no credentials and nothing more than a crafted HTTP POST, so it is trivial to exploit; its impact, however, is limited to writing anonymous comments into the request queue, with no data exposure, privilege gain or code execution. The vulnerability was publicly disclosed in April 2022 and carries a medium severity rating from the vendor.
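The following is an added illustration of the CWE-288 pattern described above; it is not CreateWiki's code, and the class name, form field names, message keys and the `comment-on-wiki-request` right are all assumptions. It is a hypothetical MediaWiki special page whose GET path renders a comment box only for registered users, shown with the vulnerable POST handler (which trusts that the box could only have been rendered for a logged-in user) beside a hardened one that re-enforces every condition on the POST path. The MediaWiki calls used (SpecialPage::requireLogin, User::isRegistered, User::isAllowed, User::matchEditToken, the Html helpers) exist in MediaWiki 1.34 and later; the page would be registered in an extension's extension.json as usual.

```php
<?php
// Added example, not CreateWiki's or MediaWiki's own code. Demonstrates why a
// permission decision taken only when rendering a form (the GET path) is not a
// security boundary: a client can POST to the handler without ever loading the
// form. Names below are hypothetical.

class SpecialQueueCommentExample extends SpecialPage {

	public function __construct() {
		parent::__construct( 'QueueCommentExample' );
	}

	public function execute( $par ) {
		$this->setHeaders();
		$request = $this->getRequest();
		$user = $this->getUser();
		$out = $this->getOutput();

		if ( $request->wasPosted() ) {
			$this->handlePost( $request, $user, $out );
			return;
		}

		// GET path: the UI gate. Anonymous visitors never see the comment box...
		if ( $user->isRegistered() ) {
			$out->addHTML( $this->commentForm( $user ) );
		} else {
			$out->addWikiMsg( 'queuecomment-login-required' ); // hypothetical message key
		}
	}

	/**
	 * ...but the UI gate is the only gate. This is the vulnerable shape: the
	 * POST handler never asks who is posting, so any client that submits a
	 * wpComment field reaches saveComment() with an anonymous $user.
	 * Kept here for contrast only; execute() calls handlePost() instead.
	 */
	private function handlePostVulnerable( WebRequest $request, User $user, OutputPage $out ): void {
		$this->saveComment( $user, $request->getText( 'wpComment' ) );
		$out->addWikiMsg( 'queuecomment-saved' );
	}

	/**
	 * Hardened handler: every condition that gated the form on GET is enforced
	 * again on POST, because the request may not have come from the form at all.
	 */
	private function handlePost( WebRequest $request, User $user, OutputPage $out ): void {
		// 1. Authentication. Throws UserNotLoggedIn, which MediaWiki renders as
		//    a login prompt. This is the check the alternate path lacked.
		$this->requireLogin( 'queuecomment-login-required' );

		// 2. Authorisation, as a named right (hypothetical) so operators can
		//    restrict it per group via $wgGroupPermissions rather than in code.
		if ( !$user->isAllowed( 'comment-on-wiki-request' ) ) {
			throw new PermissionsError( 'comment-on-wiki-request' );
		}

		// 3. CSRF. The token was issued with the form and is bound to the
		//    session, so a cross-site or scripted POST without it is rejected.
		if ( !$user->matchEditToken( $request->getVal( 'wpEditToken' ) ) ) {
			$out->addWikiMsg( 'sessionfailure' );
			return;
		}

		$this->saveComment( $user, $request->getText( 'wpComment' ) );
		$out->addWikiMsg( 'queuecomment-saved' );
	}

	private function commentForm( User $user ): string {
		return Html::openElement( 'form', [
				'method' => 'post',
				'action' => $this->getPageTitle()->getLocalURL(),
			] )
			. Html::textarea( 'wpComment', '', [ 'rows' => 4 ] )
			. Html::hidden( 'wpEditToken', $user->getEditToken() )
			. Html::submitButton( 'Comment' )
			. Html::closeElement( 'form' );
	}

	private function saveComment( User $user, string $text ): void {
		// Persisting the comment (queue table, logging) is out of scope here.
	}
}
```

The order of the three checks in the hardened handler matters less than the fact that all of them run on the POST path. Note also that the CSRF token alone would not have closed this bug: MediaWiki issues edit tokens to anonymous sessions as well, so a token check without requireLogin() still lets an anonymous client through.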
Potential Impact
Organizations that run CreateWiki themselves, or that host their wikis on Miraheze, are exposed to unauthenticated comments landing in the wiki request queue. This is not a data breach or a system compromise; the realistic outcomes are spam, misinformation planted in request discussions, and abuse of the request workflow. Because the queue is where administrators evaluate and approve new wikis, a flood of junk comments raises the administrative cost of the process, can bury legitimate discussion, and may be used to push links or misleading content in front of the people making those decisions. The asset at stake is the integrity of the request process: a control that is supposed to limit participation to identifiable accounts is silently absent. European organizations in education, research, public administration and community-driven projects that rely on Miraheze-hosted wikis for collaborative knowledge management or public information are the most likely to feel the reputational and operational effects. Sites hosted on Miraheze depend on Miraheze applying the patch; self-hosted deployments of the extension must patch themselves.
Mitigation Recommendations
Deploy a checkout of CreateWiki from the master branch of the official GitHub repository that includes the fix commit. The advisory names the fix by commit rather than by release, so confirm that the deployed tree contains it rather than relying on a version string. Until that is done, the following interim measures reduce exposure, each with a caveat:
- Web server or WAF rules can block or log POST requests to Special:RequestWikiQueue that carry no login session. MediaWiki marks a logged-in session with a cookie named <prefix>UserID, where the prefix is $wgCookiePrefix (by default the database name); a POST to the queue page without that cookie is a candidate for the bypass. Treat this as a triage signal, not an authentication check: the cookie is client-supplied, and an abuser can simply register an account, after which only the page's own (post-patch) permission check matters.
- Rate limiting on the queue page's POST endpoint caps the volume of automated abuse. A CAPTCHA helps only if it is verified in the POST handler; a challenge that is merely rendered on the HTML form is bypassed by exactly the direct-POST technique this advisory describes.
- Restricting anonymous interaction through the extension's configured user rights is worthwhile in general, but configuration can only restrict what the code actually checks. For this bug the missing check is in the POST path itself, so configuration is not a substitute for the patch.
- Audit the request queue regularly for spam or anomalous comments, and review server logs for anonymous POSTs to the page, so that abuse is caught early.
- Follow Miraheze and MediaWiki security advisories for related issues, and brief wiki administrators on recognizing and handling anomalous requests and comments.
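The log review suggested above, as an added triage script that is not part of CreateWiki or MediaWiki. It assumes a web server log format in which the request's Cookie header is appended as a final quoted field (for nginx, something like `log_format mwcookie '$remote_addr [$time_local] "$request" $status "$http_cookie";`), MediaWiki's default cookie naming in which a logged-in session carries a cookie named <prefix>UserID, and the two common URL shapes for a special page (`/wiki/Special:...` and `/w/index.php?title=Special:...`). The log lines in it are constructed, not a real capture.

```php
<?php
// Added triage script, not part of CreateWiki or MediaWiki. Flags POST requests
// to Special:RequestWikiQueue that carry no MediaWiki login cookie, the traffic
// shape of the bypass described in CVE-2022-24813. Assumed log format:
//   <ip> [<time>] "<method> <path> HTTP/x" <status> "<Cookie header>"
// Adjust QUEUE_PATHS if your wiki uses a different article or script path.

const QUEUE_PATHS = [
	'#^/wiki/Special:RequestWikiQueue(?:/|$|\?)#',
	'#^/w/index\.php\?(?:.*&)?title=Special:RequestWikiQueue(?:/[^&]*)?(?:&|$)#',
];

/** Parse one line of the assumed format; null when it does not match. */
function parseLine( string $line ): ?array {
	if ( !preg_match(
		'/^(\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) "([^"]*)"$/',
		$line, $m
	) ) {
		return null;
	}
	return [
		'ip' => $m[1], 'time' => $m[2], 'method' => $m[3],
		'path' => $m[4], 'status' => (int)$m[5], 'cookies' => $m[6],
	];
}

function targetsQueue( string $path ): bool {
	foreach ( QUEUE_PATHS as $re ) {
		if ( preg_match( $re, $path ) ) {
			return true;
		}
	}
	return false;
}

/**
 * A MediaWiki login session sets <prefix>UserID=<numeric id>. Anonymous
 * sessions only get <prefix>_session, so its presence alone proves nothing.
 * The cookie is client-supplied; this is a triage signal, not authentication.
 */
function hasLoginCookie( string $cookies ): bool {
	return (bool)preg_match( '/(?:^|;\s*)[A-Za-z0-9_\-]*UserID=\d+(?:;|$)/', $cookies );
}

/** Anonymous POSTs to the queue page, plus a per-IP count for rate-limit or block decisions. */
function triage( array $lines ): array {
	$hits = [];
	$perIp = [];
	foreach ( $lines as $line ) {
		$e = parseLine( $line );
		if ( $e === null || $e['method'] !== 'POST' || !targetsQueue( $e['path'] ) ) {
			continue;
		}
		if ( hasLoginCookie( $e['cookies'] ) ) {
			continue; // logged-in user: legitimate queue activity, or at least attributable
		}
		$hits[] = $e;
		$perIp[ $e['ip'] ] = ( $perIp[ $e['ip'] ] ?? 0 ) + 1;
	}
	arsort( $perIp );
	return [ 'hits' => $hits, 'per_ip' => $perIp ];
}

// Constructed sample lines (not a real capture). Lines 2 and 3 are anonymous
// POSTs to the queue page; line 4 carries a login cookie; line 5 is another page.
$sample = [
	'203.0.113.7 [10/Apr/2022:10:00:01 +0000] "GET /wiki/Special:RequestWikiQueue/42 HTTP/1.1" 200 ""',
	'203.0.113.7 [10/Apr/2022:10:00:05 +0000] "POST /wiki/Special:RequestWikiQueue/42 HTTP/1.1" 302 ""',
	'203.0.113.7 [10/Apr/2022:10:00:06 +0000] "POST /w/index.php?title=Special:RequestWikiQueue/43&action=submit HTTP/1.1" 302 "metawiki_session=abc"',
	'198.51.100.4 [10/Apr/2022:10:01:00 +0000] "POST /wiki/Special:RequestWikiQueue/42 HTTP/1.1" 302 "metawikiUserID=1045; metawiki_session=def"',
	'198.51.100.4 [10/Apr/2022:10:02:00 +0000] "POST /wiki/Special:RequestWiki HTTP/1.1" 302 "metawikiUserID=1045"',
];

$result = triage( $sample );
printf( "%d anonymous POST(s) to the request queue\n", count( $result['hits'] ) );
foreach ( $result['hits'] as $e ) {
	printf( "  %s %s %s\n", $e['time'], $e['ip'], $e['path'] );
}
foreach ( $result['per_ip'] as $ip => $n ) {
	printf( "  %-16s %d request(s)\n", $ip, $n );
}
```

Run it as `php triage.php` against a log exported in the assumed format, or replace `$sample` with `file( '/var/log/nginx/access.log', FILE_IGNORE_NEW_LINES )`. The same predicate (POST to the queue page with no UserID cookie) is what a WAF rule for the interim block would express; the script is the offline version of that rule for checking whether the bypass has already been used.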
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2022-02-10T00:00:00.000Z
- Cisa Enriched: true
Threat ID: 682d9843c4522896dcbf2bee
Added to database: 5/21/2025, 9:09:23 AM
Last enriched: 6/23/2025, 11:21:26 AM
Last updated: 2/7/2026, 5:15:16 PM