VDB
CVE-2021-30155
CVE-2021-30155
PUBLISHED
CVSS 4.300000190734863 MEDIUM
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page.
EPSS 0.32% · 55.2th percentile
Risk Scores
CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.32%
55.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| mediawiki | mediawiki | 1.32.0, 0 |
| n/a | n/a | n/a |
| fedoraproject | fedora | 34, 33 |
| debian | debian_linux | 9.0, 10.0 |
Exploit Intelligence
- https://phabricator.wikimedia.org/T270988 (nist-nvd)
- DSA-4889 (circl)
- FEDORA-2021-f4223b6684 (circl)
- FEDORA-2021-d298103d3a (circl)
- [debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update (circl)
- [debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update (circl)
- GLSA-202107-40 (circl)
Timeline
- Apr 9, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://phabricator.wikimedia.org/T270988 url
- DSA-4889 vendor-advisory
- FEDORA-2021-f4223b6684 vendor-advisory
- FEDORA-2021-d298103d3a vendor-advisory
- [debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update mailing-list
- [debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update mailing-list
- GLSA-202107-40 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-30155 advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT url