Lucene search

K

MitreCVELIST:CVE-2021-35197

HistoryJul 02, 2021 - 12:28 p.m.

CVE-2021-35197

2021-07-0212:28:45

mitre

www.cve.org

7.7 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.2%

In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a “sitewide block” applied, it is able to still “purge” pages through the MediaWiki Action API (which a “sitewide block” should have prevented).

References

lists.debian.org/debian-lts-announce/2021/10/msg00003.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/

lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/

phabricator.wikimedia.org/T280226

security.gentoo.org/glsa/202107-40

www.debian.org/security/2021/dsa-4979

7.7 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.2%

Related for CVELIST:CVE-2021-35197

archlinux1 osv4 openvas8 redhatcve1 prion1 veracode1 ubuntucve1 nvd1 cve1 altlinux1 debiancve1 mageia1 nessus3 debian2 fedora3 gentoo1