Your submission was sent successfully! Close

CVE-2021-44857

Published: 17 December 2021

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn't have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
mediawiki
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Ignored
(reached end-of-life)
impish Needed

jammy Not vulnerable
(1:1.35.5-1)
trusty Not vulnerable
(code not present)
upstream
Released (1:1.35.5-1)
xenial Does not exist