Vulnerabilities > CVE-2021-31552 - Incorrect Authorization vulnerability in Mediawiki

047910
CVSS 5.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
mediawiki
CWE-863
NVD
Published: 2021-04-22
Updated: 2022-07-12

Summary

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP address used to create an account (and not the user account itself). Such rules could also be used by a nefarious, unprivileged user to catalog and enumerate any number of IP addresses related to these account creations.

Vulnerable Configurations

Part Description Count
Application
Mediawiki
379

Common Weakness Enumeration (CWE)

References