CVE-2021-30152
Published: 9 April 2021
An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.
Priority
CVSS 3 base score: 4.3
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
- https://phabricator.wikimedia.org/T270713
- https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
- https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/27ba9e0ef0c7ec76331fd92bc549bb2c0d60979a
- NVD
- Launchpad
- Debian