PT-2021-21129 · Mediawiki+1 · Mediawiki+1

Umherirrender

Published

2021-06-12

Updated

2024-03-06

CVE-2021-36132

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36

Description: An issue was discovered in the FileImporter extension. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations, specifically file uploads, that they should not be allowed to perform.

Recommendations: For versions through 1.36, consider restricting the use of the FileImporter extension until a patch is available, or review and adjust the configuration of the $wgFileImporterRequiredRight variable to ensure proper validation of user rights.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

ALT-PU-2021-1991

ALT-PU-2021-2091

BIT-MEDIAWIKI-2021-36132

CVE-2021-36132

Affected Products

Alt Linux

Mediawiki

PT-2021-21129 · Mediawiki+1 · Mediawiki+1

CVE-2021-36132

Weakness Enumeration

Related Identifiers

Affected Products

References · 7