PT-2023-12138 · Mediawiki · Visualeditor

Dannys712 · Published 2021-04-25 · Updated 2024-03-06 · CVE-2021-30153

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

MediaWiki versions 1.31 through 1.31.12
MediaWiki versions 1.32.x through 1.35.1

Description

An issue was discovered in the VisualEditor extension. When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. This is related to ApiVisualEditor.

Recommendations

For MediaWiki versions 1.31 through 1.31.12, update to version 1.31.13 or later.
For MediaWiki versions 1.32.x through 1.35.1, update to version 1.35.2 or later.
As a temporary workaround, consider restricting access to the ApiVisualEditor until a patch is available.

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

ALT-PU-2021-1712
ALT-PU-2021-2091
BIT-MEDIAWIKI-2021-30153
CVE-2021-30153

Affected Products

Alt Linux
Mediawiki
Visualeditor