MediaWiki Incorrect Authorization Vulnerability - CVE-2021-36132 - Vulnerability Database

MediaWiki Incorrect Authorization Vulnerability - CVE-2021-36132

High

Reference: CVE-2021-36132

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-36132

Title: MediaWiki Incorrect Authorization Vulnerability

Overview:

An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the wgFileImporterRequiredRight variable it might not validate all appropriate user rights thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform.