Lucene search

[email protected]CVE-2021-31548

HistoryApr 22, 2021 - 3:15 a.m.

CVE-2021-31548

2021-04-2203:15:00

CWE-863

[email protected]

web.nvd.nist.gov

cve-2021-31548

issue

abusefilter

mediawiki

bypass

blocked

edits

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.5 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

18.0%

JSON

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed.

CPENameOperatorVersion
mediawiki:mediawikimediawikile1.35.2

CPE	Name	Operator	Version
mediawiki:mediawiki	mediawiki	le	1.35.2

References

gerrit.wikimedia.org/r/q/Ifac795125927d584a31d95e1b4c4241eef860fa1

phabricator.wikimedia.org/T272333

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.5 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

18.0%

JSON

Related for CVE-2021-31548

prion1 osv2 openvas2