CVE-2021-31553
Severity CVSS v4.0:
Pending analysis
Type:
CWE-428
Unquoted Search Path or Element
Publication date:
22/04/2021
Last modified:
22/04/2021
Description
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:* | 1.35.2 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666963
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666964
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667023
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667024
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667025
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667027
- https://phabricator.wikimedia.org/T275669