Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Improper Authentication Vulnerability (CVE-2021-30158)

Description

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.

Remediation

References

Related Vulnerabilities

WordPress Plugin Zoho SalesIQ Multiple Vulnerabilities (1.0.8)

Liferay Portal Improper Certificate Validation Vulnerability (CVE-2022-42131)

Oracle JRE CVE-2012-5068 Vulnerability (CVE-2012-5068)

WordPress Plugin Lazy SEO Arbitrary File Upload (1.3.2)

Oracle Database Server CVE-2006-3701 Vulnerability (CVE-2006-3701)

Severity

Medium

Classification

CVE-2021-30158 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities