FreeBSDF84AB297-2285-11EC-9E79-08002789875Bmediawiki -- multiple vulnerabilities
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.8%
Mediawiki reports:
(T285515, CVE-2021-41798) SECURITY: XSS vulnerability in Special:Search.
(T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full
table scan.
(T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of
Special:Contributions.
(T279090, CVE-2021-41801) SECURITY: ReplaceText continues performing
actions if the user no longer has the correct permission (such as by being
blocked).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | mediawiki131 | < 1.31.16 | UNKNOWN |
| FreeBSD | any | noarch | mediawiki135 | < 1.35.4 | UNKNOWN |
| FreeBSD | any | noarch | mediawiki136 | < 1.36.2 | UNKNOWN |
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.8%