7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
56.6%
Updated mediawiki packages fix security vulnerabilities: == Security fixes == * (T292763. CVE-2021-44854) REST API incorrectly publicly caches autocomplete search results from private wikis. * (T271037, CVE-2021-44856) Title blocked in AbuseFilter can be created via Special:ChangeContentModel. * (T297322, CVE-2021-44857) Unauthorized users can use action=mcrundo to replace the content of arbitrary pages. * (T297322, CVE-2021-44858) Unauthorized users can view contents of private wikis using various actions. * (T297574, CVE-2021-45038) Unauthorized users can access private wiki contents using rollback action === Extension security fixes === * (T293589, CVE-2021-44855) Blind Stored XSS in VisualEditor media dialog. * (T294686) Special:Nuke doesn’t actually delete pages.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 8 | noarch | mediawiki | < 1.35.5-1 | mediawiki-1.35.5-1.mga8 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
56.6%