PT-2021-19885 · Mediawiki · Globalnewfiles

Rhinosf1 · Published 2021-06-28 · Updated 2021-09-20 · CVE-2021-32722

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GlobalNewFiles versions prior to 48be7adb70568e20e961ea1cb70904454a671b1d

Description

The issue is an uncontrolled resource consumption vulnerability in the GlobalNewFiles MediaWiki extension. A large number of page moves within a short space of time could overwhelm database servers due to improper handling of load balancing and the lack of an appropriate index.

Recommendations

Update to version 48be7adb70568e20e961ea1cb70904454a671b1d, which includes a patch for the vulnerability. For versions prior to 48be7adb70568e20e961ea1cb70904454a671b1d, consider avoiding the use of the extension unless additional rate limits are enabled at the MediaWiki level or via PoolCounter / MySQL as a temporary workaround.
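
One way to apply the temporary MediaWiki-level rate limit on page moves, shown as an added example for LocalSettings.php (not part of the original advisory or the extension's code). The numeric limits are assumed values to tune per wiki.

```php
<?php
// LocalSettings.php fragment (added example; the limits are assumed values).
// $wgRateLimits maps action => group => [ max actions, period in seconds ].

// Throttle page moves, the action the advisory identifies as the trigger.
$wgRateLimits['move']['newbie'] = [ 2, 120 ];  // accounts not yet autoconfirmed
$wgRateLimits['move']['user']   = [ 8, 60 ];   // every other logged-in account

// Accounts holding the 'noratelimit' right bypass $wgRateLimits entirely.
// MediaWiki grants it to privileged groups such as sysop and bot by default;
// revoke it until the patched commit is deployed so the move limit applies
// to those groups as well.
$wgGroupPermissions['sysop']['noratelimit'] = false;
$wgGroupPermissions['bot']['noratelimit']   = false;
```

Restore the `noratelimit` grants once the extension has been updated to the patched commit.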

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2021-32722
GHSA-CWV5-C938-5H5H

Affected Products

Globalnewfiles