Unrated severityNVD Advisory· Published Jul 2, 2021· Updated Aug 4, 2024
CVE-2021-35197
CVE-2021-35197
Description
In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- MediaWiki/MediaWikidescription
Patches
Vulnerability mechanics
References
8- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/202107-40mitrevendor-advisoryx_refsource_GENTOO
- www.debian.org/security/2021/dsa-4979mitrevendor-advisoryx_refsource_DEBIAN
- lists.debian.org/debian-lts-announce/2021/10/msg00003.htmlmitremailing-listx_refsource_MLIST
- lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/mitrex_refsource_CONFIRM
- phabricator.wikimedia.org/T280226mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.