CVE-2021-30155 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-30155 PUBLISHED CVSS 4.300000190734863 MEDIUM

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page.

EPSS 0.45% · 63.3th percentile

Risk Scores

CVSS v3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS Score

0.45%

63.3th percentile

Affected Products

Vendor	Product	Versions
mediawiki	mediawiki	0, 1.32.0
n/a	n/a	n/a
fedoraproject	fedora	33, 34
debian	debian_linux	9.0, 10.0

Timeline

Apr 9, 2021 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score

References

https://phabricator.wikimedia.org/T270988 url
DSA-4889 vendor-advisory
FEDORA-2021-f4223b6684 vendor-advisory
FEDORA-2021-d298103d3a vendor-advisory
[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update mailing-list
[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update mailing-list
GLSA-202107-40 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-30155 advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT url

Open in Interactive Console →