CVE-2021-30159

Published: Apr 9, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master.

Affected (6)

Products: Mediawiki: Mediawiki · Debian: Debian Linux · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mediawiki Mediawiki	Before 1.31.12
Mediawiki Mediawiki	From 1.32.0 to 1.35.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34

References (14)

https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/

Source: cve@mitre.org

https://phabricator.wikimedia.org/T272386

Source: cve@mitre.org

ExploitPatchVendor Advisory

https://security.gentoo.org/glsa/202107-40

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2021/dsa-4889

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/

Source: af854a3a-2127-422b-91ae-364da2661108

https://phabricator.wikimedia.org/T272386

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

https://security.gentoo.org/glsa/202107-40

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2021/dsa-4889

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.