vulnerability
Ubuntu: (CVE-2021-30159): mediawiki vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:P/A:N) | Apr 9, 2021 | Jun 26, 2025 | Jun 26, 2025 |
Description
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master.
Solution
References
- CVE-2021-30159
- https://attackerkb.com/topics/CVE-2021-30159
- URL-https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/49ce7dd2143d01cffd4dfd2f2af79b2b93672eac%5E%21/
- URL-https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
- URL-https://phabricator.wikimedia.org/T272386
- URL-https://www.cve.org/CVERecord?id=CVE-2021-30159
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.