PT-2021-19423 · Mediawiki+1
Marcoaurelio · Published 2021-04-22 · Updated 2024-03-06
CVE-2021-31552
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
MediaWiki versions through 1.35.2
Description
An issue in the AbuseFilter extension for MediaWiki allows certain rules related to blocking accounts after account creation to be executed incorrectly. This could enable user accounts to be created while only blocking the IP address used for creation, rather than the account itself. Additionally, a malicious, unprivileged user could utilize such rules to catalog and enumerate numerous IP addresses associated with account creations.
Recommendations
For MediaWiki versions through 1.35.2, update to a version that includes a fix for this issue to prevent incorrect execution of AbuseFilter rules.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Incorrect Authorization
Related Identifiers
Affected Products
Alt Linux
Mediawiki