Vulnerability Details : CVE-2021-30159
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master.
Products affected by CVE-2021-30159
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-30159
0.33%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 68 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-30159
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
8.0
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
2.8
|
1.4
|
NIST |
References for CVE-2021-30159
-
https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html
[SECURITY] [DLA 2648-1] mediawiki security updateThird Party Advisory
-
https://phabricator.wikimedia.org/T272386
⚓ T272386 CVE-2021-30159: Non-admin deleted enwiki page in fast double moveExploit;Patch;Vendor Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
[SECURITY] Fedora 33 Update: mediawiki-1.35.2-1.fc33 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html
[SECURITY] [DLA 2648-2] mediawiki regression updateMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
[SECURITY] Fedora 34 Update: mediawiki-1.35.2-1.fc34 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://www.debian.org/security/2021/dsa-4889
Debian -- Security Information -- DSA-4889-1 mediawikiThird Party Advisory
-
https://security.gentoo.org/glsa/202107-40
MediaWiki: Multiple vulnerabilities (GLSA 202107-40) — Gentoo securityThird Party Advisory
Jump to