Description

An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.

Remediation

References

CVE-2021-30152

Related Vulnerabilities

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Information Disclosure (3.4.7)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2572)

XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-36099)

WordPress Plugin CMS Tree Page View 'cms_tpv_view' Parameter Cross-Site Scripting (0.8.8)

WordPress Plugin Analytics-Gtag Restricted File Upload (1.8.1)

Severity

Medium

Classification

CVE-2021-30152 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities