CVE-2021-31553

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions MediaWiki versions through 1.35.2

Description An issue in the CheckUser extension allows MediaWiki usernames with trailing whitespace to be stored in the cu log database table, causing denial of service for certain CheckUser extension pages and functionality. This could interfere with usage tracking, for example, by turning off Special:CheckUserLog.

Recommendations For versions through 1.35.2, consider temporarily restricting access to the CheckUser extension until a fix is applied to prevent the storage of usernames with trailing whitespace in the cu log database table.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-428

Related Identifiers

ALT-PU-2021-1991

ALT-PU-2021-2091

BIT-MEDIAWIKI-2021-31553

CVE-2021-31553

Affected Products

Alt Linux

Checkuser Extension

Mediawiki

CVE-2021-31553

Weakness Enumeration

Related Identifiers

Affected Products

References · 10