Description

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP address used to create an account (and not the user account itself). Such rules could also be used by a nefarious, unprivileged user to catalog and enumerate any number of IP addresses related to these account creations.

Remediation

References

CVE-2021-31552

Related Vulnerabilities

Plone CMS Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2024-0669)

WordPress Plugin YITH WooCommerce Frequently Bought Together Security Bypass (1.2.10)

Moodle Improper Input Validation Vulnerability (CVE-2020-10738)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2006-2417)

WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (6.0.9)

Severity

Medium

Classification

CVE-2021-31552 CWE-668 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities