PT-2021-3350 · Mediawiki+1

Published 2021-04-06 · Updated 2024-03-06 · CVE-2021-30158

CVSS v3.1

5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

MediaWiki versions 1.31.12 and earlier
MediaWiki versions 1.32.x through 1.35.1

Description

An issue in MediaWiki has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party. The problem is related to shortcomings in the authentication procedure, which could allow an attacker to disclose protected information.

Recommendations

For MediaWiki versions 1.31.12 and earlier, update to version 1.31.12 or later.
For MediaWiki versions 1.32.x through 1.35.1, update to version 1.35.2 or later.
As a temporary workaround, consider restricting access to the Special:ResetTokens page for blocked users until a patch is available.

Weakness Enumeration

Improper Authentication

Related Identifiers

ALT-PU-2021-1712
ALT-PU-2021-2091
BDU:2021-03167
BIT-MEDIAWIKI-2021-30158
CVE-2021-30158
DLA-2648-1
DLA-2648-2
DSA-4889-1
MGASA-2021-0218

Affected Products

Alt Linux
Mediawiki