CVE-2021-30152

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-30152
An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
https://phabricator.wikimedia.org/T270713 Exploit Issue Tracking Patch Vendor Advisory
https://security.gentoo.org/glsa/202107-40 Third Party Advisory
https://www.debian.org/security/2021/dsa-4889 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
History

12 Jul 2022, 17:42

Type Values Removed Values Added
CWE CWE-732 CWE-269

08 Dec 2021, 20:34

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202107-40 - Third Party Advisory
References (MISC) https://phabricator.wikimedia.org/T270713 - Exploit, Vendor Advisory (MISC) https://phabricator.wikimedia.org/T270713 - Exploit, Issue Tracking, Patch, Vendor Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/ - Third Party Advisory (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/ - Third Party Advisory (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/ - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html - (MLIST) https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html - (MLIST) https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html - Mailing List, Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Information

Published : 2021-04-09 07:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-30152

Mitre link : CVE-2021-30152

CVE.ORG link : CVE-2021-30152

JSON object : View

Products Affected

debian

  • debian_linux

fedoraproject

  • fedora

mediawiki

  • mediawiki
CWE
CWE-269

Improper Privilege Management