CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile
50.1%
An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through
1.35.x before 1.35.2. When using the MediaWiki API to “protect” a page, a
user is currently able to protect to a higher level than they currently
have permissions for.
gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/27ba9e0ef0c7ec76331fd92bc549bb2c0d60979a
launchpad.net/bugs/cve/CVE-2021-30152
lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
nvd.nist.gov/vuln/detail/CVE-2021-30152
phabricator.wikimedia.org/T270713
security-tracker.debian.org/tracker/CVE-2021-30152
www.cve.org/CVERecord?id=CVE-2021-30152
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile
50.1%