CVE-2021-36129

An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata.

Published: Jul 2, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-36129
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-732

Affected Software
References

Software	From	Fixed in
mediawiki / mediawiki	-	1.36.x

https://gerrit.wikimedia.org/r/q/I3619a7e88c2eb979babb7b027d4fdbfabc0af792
https://phabricator.wikimedia.org/T282932

Vulnerability Database

289,697

CVE-2021-36129