Security Advisory

CVE-2021-36132

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-07-02 12:59:57
Last updated 2024-08-04 00:47:43
Assigner mitre
State PUBLISHED

Description

An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform.