CVE-2021-30152

Beschreibung:
An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to „protect“ a page, a user is currently able to protect to a higher level than they currently have permissions for.

CWE: CWE-732 CWE-284

CVSS-Bewertung
CVSS 2: MEDIUM – 4 (Version: 2.0)
CVSS 3: MEDIUM – 4.3 (Version: 3.1)

Links:

NVD – CVE-2021-30152
CVE – CVE-2021-30152

Link (max. 20) Quelle Tags
https://phabricator.wikimedia.org/T270713 MISC Exploit Vendor Advisory Vendor Advisory
DSA-4889 DEBIAN Third Party Advisory Third Party Advisory
FEDORA-2021-f4223b6684 FEDORA Third Party Advisory Third Party Advisory
FEDORA-2021-d298103d3a FEDORA Third Party Advisory Vendor Advisory
[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update MLIST Third Party Advisory Vendor Advisory
[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update MLIST Mailing List Vendor Advisory
[creadur-dev] 20210427 [jira] [Created] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity MLIST Mailing List Vendor Advisory
[creadur-dev] 20210427 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity MLIST Mailing List Vendor Advisory
[creadur-dev] 20210427 [jira] [Closed] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity MLIST Mailing List Vendor Advisory
[creadur-dev] 20210427 [jira] [Updated] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity MLIST Mailing List Vendor Advisory
[pulsar-commits] 20210429 [pulsar] branch branch-2.7 updated: [Security] Upgrade commons-io to address CVE-2021-29425 (#10287) MLIST Mailing List Third Party Advisory
[myfaces-dev] 20210504 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #808: build: CVE fix MLIST Mailing List Third Party Advisory Vendor Advisory

Quelle: NVD – CVE-2021-30152
Datum Veröffentlichung: 2021-04-09T07:15Z, Datum letzte Änderung: 2021-05-06T23:15Z