CVE-2020-26121 - OpenCVE

An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Mediawiki	Mediawiki
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

References

Link	Resource
https://commons.wikimedia.org/w/index.php?oldid=454609892#File:Wiki.png	Vendor Advisory
https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b	Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
https://phabricator.wikimedia.org/T262628	Issue Tracking Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-09-27T20:08:00

Updated: 2020-12-14T02:06:09

Reserved: 2020-09-27T00:00:00

Link: CVE-2020-26121

JSON object: View

NVD Information

Status : Modified

Published: 2020-09-27T21:15:13.063

Modified: 2023-11-07T03:20:30.320

Link: CVE-2020-26121

JSON object: View

Redhat Information

No data.

CWE

CWE-863

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against \"page creation\" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-14T02:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://commons.wikimedia.org/w/index.php?oldid=454609892#File:Wiki.png"}, {"tags": ["x_refsource_MISC"], "url": "https://phabricator.wikimedia.org/T262628"}, {"tags": ["x_refsource_MISC"], "url": "https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b"}, {"name": "FEDORA-2020-a4802c53d9", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26121", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against \"page creation\" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://commons.wikimedia.org/w/index.php?oldid=454609892#File:Wiki.png", "refsource": "MISC", "url": "https://commons.wikimedia.org/w/index.php?oldid=454609892#File:Wiki.png"}, {"name": "https://phabricator.wikimedia.org/T262628", "refsource": "MISC", "url": "https://phabricator.wikimedia.org/T262628"}, {"name": "https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b", "refsource": "MISC", "url": "https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b"}, {"name": "FEDORA-2020-a4802c53d9", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26121", "datePublished": "2020-09-27T20:08:00", "dateReserved": "2020-09-27T00:00:00", "dateUpdated": "2020-12-14T02:06:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "036C9229-D482-46F2-BA8C-A6800E5CFD1C", "versionEndExcluding": "1.34.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against \"page creation\" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title."}, {"lang": "es", "value": "Se detect\u00f3 un problema en la extensi\u00f3n FileImporter para MediaWiki versiones anteriores a 1.34.4. Un atacante puede importar un archivo incluso cuando la p\u00e1gina de destino est\u00e1 protegida contra \"page creation\" y el atacante no deber\u00eda poder crearlo. Esto ocurre debido a una distinci\u00f3n manejada inapropiadamente entre una restricci\u00f3n de carga y una restricci\u00f3n de creaci\u00f3n. Un atacante no puede aprovechar esto para sobrescribir cualquier cosa, pero puede aprovechar esto para obligar a un wiki a tener una p\u00e1gina con un t\u00edtulo no permitido"}], "id": "CVE-2020-26121", "lastModified": "2023-11-07T03:20:30.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-27T21:15:13.063", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://commons.wikimedia.org/w/index.php?oldid=454609892#File:Wiki.png"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://phabricator.wikimedia.org/T262628"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}