#VU52574 Unquoted Search Path or Element in MediaWiki - CVE-2021-31553

Cybersecurity Help s.r.o.

Published: 2021-04-26

Vulnerability identifier: #VU52574

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-31553

CWE-ID: CWE-428

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
MediaWiki
Web applications / CMS

Vendor: MediaWiki.org

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an unquoted search path issue in the CheckUser extension. A remote attacker can turn off Special:CheckUserLog and thus interfere with usage tracking.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MediaWiki: 1.31.0 - 1.35.1

External links
https://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000274.html
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666963
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666964
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667027
https://phabricator.wikimedia.org/T275669
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667025
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667023
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667024

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in MediaWiki