Multiple vulnerabilities in MediaWiki



Published: 2021-04-26
Risk: Medium
Patch available: YES
Number of vulnerabilities: 13
CVE-ID: CVE-2021-31550, CVE-2021-31548, CVE-2021-31557, CVE-2021-31551, CVE-2021-31546, CVE-2021-31547, CVE-2021-31545, CVE-2021-31549, CVE-2021-31553, CVE-2021-31552, CVE-2021-31554, CVE-2021-31556, CVE-2021-31555
CWE-ID: CWE-79, CWE-200, CWE-428, CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: MediaWiki (Web applications / CMS)
Vendor: MediaWiki.org

Security Bulletin

This security bulletin contains information about 13 vulnerabilities.

1) Cross-site scripting

EUVDB-ID: #VU52552

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-31550

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the CommentBox extension. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MediaWiki: 1.31.0 - 1.35.1

External links

http://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000274.html
http://gerrit.wikimedia.org/r/c/mediawiki/extensions/Commentbox/+/651934/
http://phabricator.wikimedia.org/T270767


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Exposure of Resource to Wrong Sphere

EUVDB-ID: #VU52553

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-31548

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an exposure of a resource to the wrong sphere in the AbuseFilter extension. A remote authenticated attacker can bypass AbuseFilter and have their edits completed.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MediaWiki: 1.31.0 - 1.35.1

External links

http://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000274.html
http://phabricator.wikimedia.org/T272333
http://gerrit.wikimedia.org/r/q/Ifac795125927d584a31d95e1b4c4241eef860fa1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU52554

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-31557

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the WikiLove extension. A remote attacker can gain unauthorized access to sensitive information on the system, such as the existence of hidden users.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MediaWiki: 1.31.0 - 1.35.1

External links

http://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000274.html
http://gerrit.wikimedia.org/r/q/Ibcd87abe01719222beadcfc0de13038c3021adef


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Cross-site scripting

EUVDB-ID: #VU52557

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-31551

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the PageForms extension. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MediaWiki: 1.31.0 - 1.35.1

External links

http://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000274.html
http://phabricator.wikimedia.org/T259433
http://gerrit.wikimedia.org/r/q/I20b63bd38779d2ccbe2d86f9879df85ca3b685f6
http://gerrit.wikimedia.org/r/q/Ibe68b070ee791cd0c8e7f50eb04ac4e066b1512c
http://gerrit.wikimedia.org/r/q/I5e0abbc2f80e6bda255b3b32a4df39a7fe7d3793


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU52559

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-31546

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the AbuseFilter extension. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MediaWiki: 1.31.0 - 1.35.1

External links

http://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000274.html
http://gerrit.wikimedia.org/r/q/I38a0a24fa32ca7a052b6940864a32b3856e84553
http://phabricator.wikimedia.org/T71617


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Exposure of Resource to Wrong Sphere

EUVDB-ID: #VU52560

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-31547

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an exposure of a resource to the wrong sphere in the AbuseFilter extension. A remote authenticated attacker can reveal suppressed edits and usernames through the iteration of crafted AbuseFilter rules.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MediaWiki: 1.31.0 - 1.35.1

External links

http://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000274.html
http://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75
http://phabricator.wikimedia.org/T223654
http://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information disclosure

EUVDB-ID: #VU52567

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-31545

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists in the AbuseFilter extension because page_recent_contributors leaked the existence of certain deleted MediaWiki usernames, related to rev_deleted. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MediaWiki: 1.31.0 - 1.35.1

External links

http://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000274.html
http://phabricator.wikimedia.org/T71367
http://gerrit.wikimedia.org/r/q/I8d5ed9ca84282ee50832035af86123633fc88293


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information disclosure

EUVDB-ID: #VU52573

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-31549

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the AbuseFilter extension. A remote authenticated attacker can use the Special:AbuseFilter/examine form to disclose suppressed MediaWiki usernames.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MediaWiki: 1.31.0 - 1.35.1

External links

http://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000274.html
http://phabricator.wikimedia.org/T274152
http://gerrit.wikimedia.org/r/q/I71a6d521bd12931ce60eec4d2dc35af19146000f
http://gerrit.wikimedia.org/r/q/I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Unquoted Search Path or Element

EUVDB-ID: #VU52574

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-31553

CWE-ID: CWE-428 - Unquoted Search Path or Element

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an unquoted search path issue in the CheckUser extension. A remote attacker can turn off Special:CheckUserLog and thus interfere with usage tracking.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MediaWiki: 1.31.0 - 1.35.1

External links

http://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000274.html
http://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666963
http://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666964
http://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667027
http://phabricator.wikimedia.org/T275669
http://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667025
http://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667023
http://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667024


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Exposure of Resource to Wrong Sphere

EUVDB-ID: #VU52575

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-31552

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the affected software incorrectly executes certain rules related to blocking accounts after account creation in the AbuseFilter extension. A remote authenticated attacker can create user accounts or enumerate any number of IP addresses related to these account creations.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MediaWiki: 1.31.0 - 1.35.1

External links

http://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000274.html
http://phabricator.wikimedia.org/T152394
http://gerrit.wikimedia.org/r/q/I8bae477ad7e4d0190335363ac2decf28e4313da1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Exposure of Resource to Wrong Sphere

EUVDB-ID: #VU52576

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-31554

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the affected software improperly handles account blocks for certain automatically created MediaWiki user accounts in the AbuseFilter extension. A remote authenticated attacker can remain unblocked.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MediaWiki: 1.31.0 - 1.35.1

External links

http://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000274.html
http://phabricator.wikimedia.org/T272244
http://gerrit.wikimedia.org/r/q/Ie1f4333d5b1c9d17fb2236fe38a31de427a4cc48


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU52580

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-31556

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the affected software does not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length in the OAuth extension.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MediaWiki: 1.31.0 - 1.35.1

External links

http://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000274.html
http://gerrit.wikimedia.org/r/q/I13ff0350a9a0a3cd5ab3e1f82dd0d8d9c13cf9e9


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU52586

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-31555

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the affected software does not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length in the OAuth extension.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MediaWiki: 1.31.0 - 1.35.1

External links

http://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000274.html
http://gerrit.wikimedia.org/r/q/I222c053b4b14ac1ad0f5b3a51565b1b9cd4c139d
http://phabricator.wikimedia.org/T277388


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


