Vulnerability Description
An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Mediawiki | <= 1.36 |
Related Weaknesses (CWE)
References
- https://gerrit.wikimedia.org/r/q/I8ff2a67abd2c118a3469e4410eac2a451bfa76c3PatchVendor Advisory
- https://phabricator.wikimedia.org/T280590ExploitPatchVendor Advisory
- https://gerrit.wikimedia.org/r/q/I8ff2a67abd2c118a3469e4410eac2a451bfa76c3PatchVendor Advisory
- https://phabricator.wikimedia.org/T280590ExploitPatchVendor Advisory
FAQ
What is CVE-2021-36132?
CVE-2021-36132 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate ...
How severe is CVE-2021-36132?
CVE-2021-36132 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-36132?
Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mediawiki.