Description
An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.
Remediation
References
Related Vulnerabilities
WordPress Plugin Social Share Icons & Social Share Buttons Cross-Site Scripting (3.0.5)
Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.5)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-25982)
Moodle Improper Authentication Vulnerability (CVE-2021-40693)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4605)