Lucene search

K

MitreCVELIST:CVE-2021-30158

HistoryApr 06, 2021 - 6:42 a.m.

CVE-2021-30158

2021-04-0606:42:45

mitre

www.cve.org

7

mediawiki

blocked users

special:resettokens

token compromise

security vulnerability

AI Score

6.4

Confidence

High

EPSS

0.007

Percentile

80.1%

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.

References

lists.debian.org/debian-lts-announce/2021/05/msg00003.html

lists.debian.org/debian-lts-announce/2021/05/msg00006.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/

phabricator.wikimedia.org/T277009

security.gentoo.org/glsa/202107-40

www.debian.org/security/2021/dsa-4889

AI Score

6.4

Confidence

High

EPSS

0.007

Percentile

80.1%

Related for CVELIST:CVE-2021-30158

ubuntucve1 redhatcve1 veracode1 prion1 nvd1 osv4 debiancve1 cve1 openvas7 mageia1 debian3 nessus3 fedora2 gentoo1 altlinux1