{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-08T02:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://phabricator.wikimedia.org/T296578"}, {"tags": ["x_refsource_MISC"], "url": "https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9"}, {"tags": ["x_refsource_MISC"], "url": "https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c"}, {"name": "FEDORA-2021-bef1126908", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-45471", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://phabricator.wikimedia.org/T296578", "refsource": "MISC", "url": "https://phabricator.wikimedia.org/T296578"}, {"name": "https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9", "refsource": "MISC", "url": "https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9"}, {"name": "https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c", "refsource": "MISC", "url": "https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c"}, {"name": "FEDORA-2021-bef1126908", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:39:21.138Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://phabricator.wikimedia.org/T296578"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c"}, {"name": "FEDORA-2021-bef1126908", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-45471", "datePublished": "2021-12-24T01:04:20", "dateReserved": "2021-12-24T00:00:00", "dateUpdated": "2024-08-04T04:39:21.138Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "27C47D85-B046-4EF2-AA03-69B0646A5C3D", "versionEndIncluding": "1.37", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items."}, {"lang": "es", "value": "En MediaWiki versiones hasta 1.37, las direcciones IP bloqueadas pueden editar elementos de EntitySchema"}], "id": "CVE-2021-45471", "lastModified": "2023-11-07T03:39:51.347", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-24T02:15:07.297", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://phabricator.wikimedia.org/T296578"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "mediawiki: blocked IP addresses are allowed to edit EntitySchema items", "id": "2036079", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036079"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-863", "details": ["In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items.", "A flaw was found in mediawiki in versions through 1.37. Blocked IP addresses are allowed to edit EntitySchema items."], "name": "CVE-2021-45471", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Out of support scope", "package_name": "mediawiki", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2021-12-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-45471\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-45471"], "statement": "The mediawiki package was removed from OpenShift Container Platform (OCP) in version 4.3, therefore for OCP 4 has been marked as out of support scope.", "threat_severity": "Moderate"}