An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform.
Advisories
Source ID Title
EUVD EUVD EUVD-2021-22764 An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T00:47:43.805Z

Reserved: 2021-07-02T00:00:00

Link: CVE-2021-36132

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-07-02T13:15:07.953

Modified: 2024-11-21T06:13:10.993

Link: CVE-2021-36132

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.