CVE-2021-30159Incorrect Authorization in Mediawiki

CWE-863Incorrect Authorization5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.9%
top 24.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
MediawikiDebian MediawikiDebian Linux+1 more
Timeline
PublishedApr 9
Latest updateMay 24

Description

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

debiandebian/mediawiki< mediawiki 1:1.35.2-1 (bookworm)
NVDmediawiki/mediawiki1.32.01.35.2+1
Debianmediawiki/mediawiki< 1:1.35.2-1+3

Also affects: Debian Linux 10.0, 9.0, Fedora 33, 34

Patches

Patch: phabricator.wikimedia.orgPatch: phabricator.wikimedia.org

🔴Vulnerability Details

2
GHSA
GHSA-67j2-jh4p-rj4j: An issue was discovered in MediaWiki before 12022-05-24
OSV
CVE-2021-30159: An issue was discovered in MediaWiki before 12021-04-09

📋Vendor Advisories

2
Red Hat
mediawiki: users can bypass intended restrictions on deleting pages in certain "fast double move" situations2021-04-08
Debian
CVE-2021-30159: mediawiki - An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x be...2021
CVE-2021-30159 — Incorrect Authorization in Mediawiki | cvebase