vulnerability

MediaWiki: Incorrect Permission Assignment for Critical Resource (CVE-2021-36129)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:N/I:P/A:N)	Jul 2, 2021	Jul 9, 2021	Jul 9, 2021

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

Published

Jul 2, 2021

Added

Jul 9, 2021

Modified

Jul 9, 2021

Description

An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata.

Solution

mediawiki-upgrade-latest

References

CVE-2021-36129
https://attackerkb.com/topics/CVE-2021-36129
URL-https://gerrit.wikimedia.org/r/q/I3619a7e88c2eb979babb7b027d4fdbfabc0af792
URL-https://phabricator.wikimedia.org/T282932

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today