PT-2021-19425 · Mediawiki+1 · Mediawiki+2

Daimona

Published

2021-04-22

Updated

2024-03-06

CVE-2021-31554

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions MediaWiki versions through 1.35.2 AbuseFilter extension for MediaWiki versions through 1.35.2

Description An issue in the AbuseFilter extension for MediaWiki improperly handled account blocks for certain automatically created MediaWiki user accounts. This allowed malicious users to remain unblocked.

Recommendations For MediaWiki versions through 1.35.2, update to a version that includes a fix for the issue in the AbuseFilter extension. For the AbuseFilter extension for MediaWiki versions through 1.35.2, update the extension to a version that properly handles account blocks for automatically created user accounts.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

ALT-PU-2021-1991

ALT-PU-2021-2091

BIT-MEDIAWIKI-2021-31554

CVE-2021-31554

Affected Products

Alt Linux

Abusefilter Extension

Mediawiki

PT-2021-19425 · Mediawiki+1 · Mediawiki+2

CVE-2021-31554

Weakness Enumeration

Related Identifiers

Affected Products

References · 5