vulnerability
MediaWiki: Unquoted Search Path or Element (CVE-2021-31553)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:N/I:P/A:P) | Apr 22, 2021 | Apr 26, 2021 | Apr 26, 2021 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:P)
Published
Apr 22, 2021
Added
Apr 26, 2021
Modified
Apr 26, 2021
Description
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking.
Solution
mediawiki-upgrade-latest
References
- CVE-2021-31553
- https://attackerkb.com/topics/CVE-2021-31553
- URL-https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666963
- URL-https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666964
- URL-https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667023
- URL-https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667024
- URL-https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667025
- URL-https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667027
- URL-https://phabricator.wikimedia.org/T275669
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.