SB2021070908 - Multiple vulnerabilities in MediaWiki
Published: July 9, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 9 secuirty vulnerabilities.
1) Stored cross-site scripting (CVE-ID: CVE-2021-36130)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within various SystemGifts-related in the SocialProfile extension. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
2) Stored cross-site scripting (CVE-ID: CVE-2021-36131)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the SportsTeams extension. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
3) Improper Authorization (CVE-ID: CVE-2021-36132)
The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to improper authorization enforcement in the FileImporter extension. A remote authenticated attacker can perform operations (specifically file uploads) that they should not be allowed to perform.
4) Information disclosure (CVE-ID: CVE-2021-29483)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the "wikiconfig" API. A remote attacker can gain unauthorized access to sensitive information on the system.
5) Infinite loop (CVE-ID: CVE-2021-36125)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the Special:GlobalRenameRequest page. A remote attacker can consume all available system resources and cause denial of service conditions.
6) Improper Authentication (CVE-ID: CVE-2021-36128)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to the Autoblocks for CentralAuth-issued suppression blocks are not properly implemented. A remote attacker can bypass authentication process and gain unauthorized access to the application.
7) Information disclosure (CVE-ID: CVE-2021-36127)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the CentralAuth extension within the Special:GlobalUserRights page. A remote authenticated attacker can gain unauthorized access to sensitive information on the system.
8) Incorrect permission assignment for critical resource (CVE-ID: CVE-2021-36129)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists in the Translate extension due to the Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set. A remote authenticated attacker can delete various groups' metadata.
9) Improper access control (CVE-ID: CVE-2021-36126)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists in the AbuseFilter extension when the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
Remediation
Install update from vendor's website.
References
- https://phabricator.wikimedia.org/T281043
- https://gerrit.wikimedia.org/r/q/Id915eba45497a1a0dc1c4e00818a2fd4c0ce55d3
- https://phabricator.wikimedia.org/T281196
- https://gerrit.wikimedia.org/r/q/Ic312cc9b8463c8e7c3298a661abfcff2cc2332cb
- https://phabricator.wikimedia.org/T280590
- https://gerrit.wikimedia.org/r/q/I8ff2a67abd2c118a3469e4410eac2a451bfa76c3
- https://github.com/miraheze/ManageWiki/security/advisories/GHSA-jmc9-rv2f-g8vv
- https://phabricator.miraheze.org/T7213
- https://github.com/miraheze/ManageWiki/commit/befb83c66f5b643e174897ea41a8a46679b26304
- https://phabricator.wikimedia.org/T260865
- https://gerrit.wikimedia.org/r/q/I97d8b3236b5abed8ba9a9c4d3ab5050c2e782c22
- https://gerrit.wikimedia.org/r/q/I3e65690695313380c798b62edfda726b6e374f89
- https://gerrit.wikimedia.org/r/q/I15d14c88a1e30df92c470bc191c4ee573172d4d1
- https://phabricator.wikimedia.org/T281972
- https://phabricator.wikimedia.org/T285190
- https://gerrit.wikimedia.org/r/q/I4e4dbcad61e1d4f6fd8b038bf63d19c69081a8ec
- https://phabricator.wikimedia.org/T282932
- https://gerrit.wikimedia.org/r/q/I3619a7e88c2eb979babb7b027d4fdbfabc0af792
- https://phabricator.wikimedia.org/T284364
- https://gerrit.wikimedia.org/r/q/I9e9f44b7663e810de70fb9ac7f6760f83dd4895b