CVE-2021-21275 MEDIUM

CVE-2021-21275: CSRF in MediaWiki Report extension

Vendor Kenny2Github
Product Report
Weakness CWE-352 · CSRF
Published January 25, 2021
Last update August 3, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before the fixed version, Special:Report had no CSRF protection, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.

Key dates

02 Disclosure timeline

January 25, 2021 CVE published
August 3, 2024 Record updated