CVE-2024-34506 is a denial of service vulnerability identified in the MediaWiki software, specifically within the includes/specials/SpecialMovePage.php file. The issue arises when a user who has the necessary permissions to move pages attempts to move a page that contains a very large number of subpages—on the order of tens of thousands. The process of loading and handling this large number of subpages during the move operation causes the request to exceed the maximum allowed execution time on the server, leading to a denial of service condition. This vulnerability affects MediaWiki versions before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. The CVSS v3.1 score is 7.5 (high severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality or integrity impact (C:N/I:N), and high impact on availability (A:H). Exploitation requires an authenticated user with move page rights but does not require additional user interaction beyond initiating the move. The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption), indicating that the root cause is excessive resource usage leading to service disruption. No known public exploits have been reported yet. The vulnerability can cause significant service disruption for MediaWiki instances managing large hierarchical content structures, especially in environments where page moves are common administrative tasks. The absence of patches in the provided data suggests that upgrading to the specified fixed versions or applying vendor patches when available is the recommended remediation.

For European organizations, this vulnerability poses a risk primarily to the availability of MediaWiki-based services. MediaWiki is widely used in public sector, educational institutions, and enterprises across Europe for collaborative documentation and knowledge management. A denial of service caused by this vulnerability could disrupt internal and external wiki services, impacting operational continuity and information access. Organizations with large-scale MediaWiki deployments containing extensive page hierarchies are particularly vulnerable, as the move operation on pages with tens of thousands of subpages triggers the issue. This could lead to administrative delays and potential downtime, affecting workflows dependent on wiki content management. While confidentiality and integrity are not impacted, the availability disruption could have cascading effects on business processes, especially in government agencies and research institutions that rely heavily on MediaWiki. The requirement for authenticated users with move rights limits the attack surface but insider threats or compromised accounts could exploit this vulnerability. The lack of known exploits reduces immediate risk but does not eliminate the potential for future exploitation.

European organizations should prioritize upgrading MediaWiki installations to versions 1.39.7, 1.40.3, or 1.41.1 and later, where this vulnerability is addressed. Until upgrades are applied, administrators should restrict move page permissions to trusted users only and monitor for unusual move operations involving pages with large numbers of subpages. Implementing rate limiting or timeout controls on the Special:MovePage functionality can help mitigate excessive resource consumption. Organizations should audit their wiki content to identify pages with large subpage counts and avoid moving these pages unless necessary. Additionally, consider segmenting large wiki structures to reduce the number of subpages under a single page. Monitoring server performance and logs for signs of denial of service attempts related to page moves is recommended. If possible, disable or restrict the Special:MovePage feature temporarily in high-risk environments until patches are applied. Finally, maintain awareness of vendor advisories and apply patches promptly when released.