Description

An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.

Remediation

References

CVE-2021-30152

Related Vulnerabilities

WordPress Plugin Social Share Icons & Social Share Buttons Cross-Site Scripting (3.0.5)

Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.5)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-25982)

Moodle Improper Authentication Vulnerability (CVE-2021-40693)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4605)

Severity

Medium

Classification

CVE-2021-30152 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities