Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability - CVE-2021-36129 - Vulnerability Database
MediaWiki

MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability - CVE-2021-36129

Medium
Reference: CVE-2021-36129
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-36129
Title: MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability
Overview:

An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when actionremove is set thus allowing users with the translate-manage right to silently delete various groups39 metadata.