First published: Thu Apr 22 2021(Updated: )
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MediaWiki MediaWiki | <=1.35.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-31554 is a vulnerability found in the AbuseFilter extension for MediaWiki through 1.35.2.
CVE-2021-31554 allows nefarious users to remain unblocked in MediaWiki by improperly handling account blocks for certain automatically created user accounts.
CVE-2021-31554 has a severity rating of 5.4, which is considered medium.
To fix CVE-2021-31554, update MediaWiki to version 1.35.3 or higher.
You can find more information about CVE-2021-31554 in the references provided: [link1](https://gerrit.wikimedia.org/r/q/Ie1f4333d5b1c9d17fb2236fe38a31de427a4cc48), [link2](https://phabricator.wikimedia.org/T272244)