Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 521
Alerts This Week
Warning Icon 1 521

Arch Linux: ASA-202107-7 Medium: MediaWiki Access Restriction Bypass

Archlinux Large Esm H446
The package mediawiki before version 1.36.1-1 is vulnerable to access restriction bypass.
Arch Linux Security Advisory ASA-202107-7
========================================
Severity: Medium
Date    : 2021-07-01
CVE-ID  : CVE-2021-35197
Package : mediawiki
Type    : access restriction bypass
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2093

Summary
======
The package mediawiki before version 1.36.1-1 is vulnerable to access
restriction bypass.

Resolution
=========
Upgrade to 1.36.1-1.

# pacman -Syu "mediawiki>=1.36.1-1"

The problem has been fixed upstream in version 1.36.1.

Workaround
=========
None.

Description
==========
A security issue has been found in MediaWiki before version 1.36.1 that
allows blocked users to purge pages.

Impact
=====
Blocked users could purge pages.

References
=========
https://lists.wikimedia.org/hyperkitty/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/


https://security.archlinux.org/CVE-2021-35197