PT-2021-19426 · Unknown+2 · Oauth Extension+2

Reedy · Published 2021-04-22 · Updated 2024-03-06 · CVE-2021-31555

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

MediaWiki versions through 1.35.2

Description

An issue was discovered in the Oauth extension for MediaWiki. It did not validate the oarc_version (also known as oauth_registered_consumer.oarc_version) parameter's length.

Recommendations

For MediaWiki versions through 1.35.2, as a temporary workaround, consider restricting access to the Oauth extension until a patch is available. Avoid using the oarc_version parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1991
ALT-PU-2021-2091
BIT-MEDIAWIKI-2021-31555
CVE-2021-31555

Affected Products

Alt Linux
Mediawiki
Oauth Extension