Bug 2036702 (CVE-2021-44857) - CVE-2021-44857 mediawiki: information disclosure and manipulation possible under specific conditions
Summary: CVE-2021-44857 mediawiki: information disclosure and manipulation possible un...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2021-44857
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2036703
Blocks: 2036706
TreeView+ depends on / blocked
 
Reported: 2022-01-03 15:54 UTC by Marian Rehak
Modified: 2022-01-07 17:53 UTC (History)
11 users (show)

Fixed In Version: mediawiki 1.35.5, mediawiki 1.36.3, mediawiki 1.37.1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in mediawiki. The "mcrundo" and "mcrrestore" actions (action=mcrundo and action=mcrrestore) did not properly check for editing permissions and allowed an attacker to take the content of any arbitrary revision and save it on any page of their choosing. This affects both public wikis and public pages on private wikis.
Clone Of:
Environment:
Last Closed: 2022-01-07 16:40:37 UTC


Attachments (Terms of Use)

Description Marian Rehak 2022-01-03 15:54:00 UTC
It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn't have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead.

Upstream Reference:

https://www.mediawiki.org/wiki/2021-12_security_release/FAQ

Comment 1 Marian Rehak 2022-01-03 15:54:20 UTC
Created mediawiki tracking bugs for this issue:

Affects: fedora-all [bug 2036703]

Comment 2 Product Security DevOps Team 2022-01-07 16:40:35 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-44857


Note You need to log in before you can comment on or make changes to this bug.