CVE-2021-30159

MEDIUM

MediaWiki < 1.31.12 and 1.32.x-1.35.x < 1.35.2 - Unintended Page Deletion via Fast Double Move


Description

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass the intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() reads the target page with FOR UPDATE, but isValidMove() only calls it when Title::getArticleID() returns non-zero, and that lookup is made with no special flags, so it is answered by a replica DB. MovePage::moveToInternal() then deletes the existing target page whenever getArticleID(READ_LATEST), which reads the master, returns non-zero. Therefore, if the target page is present in the master but not yet in the replica (the "fast double move" case: a page written by one move is not yet visible in the replica when a second move targets it), isValidMove() returns true without ever running the target check, and moveToInternal() unconditionally deletes the page. The root cause is a check-then-act race between two database views: the check reads a lagging replica while the destructive action reads the master.
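The following Python model is an added illustration of the replica/master check-then-act gap described above; it is not MediaWiki's PHP code and the fix shown (forcing the validity check to read the master) is a simplification, not necessarily the exact change shipped in 1.31.12/1.35.2. Method names mirror the MediaWiki functions named in the description, but the store layout, the simplified "single-revision redirect to the source" target rule, and the page titles are constructed for the example.

```python
import copy
from dataclasses import dataclass
from typing import Dict, List, Optional

# Flag meaning "read from the master DB". The name is borrowed from MediaWiki's
# READ_LATEST constant; the value and everything below is a constructed model.
READ_LATEST = 1


@dataclass
class Page:
    id: int
    revisions: int = 1
    redirect_to: Optional[str] = None  # set when the page is a redirect


class Wiki:
    """Constructed model: one master DB and one replica that lags until replicate()."""

    def __init__(self) -> None:
        self.master: Dict[str, Page] = {}
        self.replica: Dict[str, Page] = {}
        self._next_id = 1
        self.deleted: List[str] = []  # titles removed by move_to_internal()

    def create(self, title: str, revisions: int = 1, redirect_to: Optional[str] = None) -> int:
        page = Page(self._next_id, revisions, redirect_to)
        self._next_id += 1
        self.master[title] = page
        return page.id

    def replicate(self) -> None:
        """Replica catches up with master."""
        self.replica = copy.deepcopy(self.master)

    def get_article_id(self, title: str, flags: int = 0) -> int:
        """Page id, or 0 if the title is absent from the store selected by flags."""
        store = self.master if flags & READ_LATEST else self.replica
        return store[title].id if title in store else 0

    def is_valid_move_target(self, old: str, new: str) -> bool:
        """Simplified rule: an existing target may only be overwritten if it is a
        single-revision redirect to the source. Always reads master, standing in
        for the FOR UPDATE read in the real code."""
        page = self.master.get(new)
        return page is not None and page.revisions == 1 and page.redirect_to == old

    def is_valid_move(self, old: str, new: str, flags: int = 0) -> bool:
        """The target check only runs if the existence lookup says the target exists.
        With flags=0 that lookup is answered by the lagging replica: the bug."""
        if self.get_article_id(new, flags) and not self.is_valid_move_target(old, new):
            return False
        return True

    def move_to_internal(self, old: str, new: str) -> None:
        """Trusts the earlier check: deletes whatever master holds at the target."""
        if self.get_article_id(new, READ_LATEST):
            del self.master[new]
            self.deleted.append(new)
        self.master[new] = self.master.pop(old)
        self.master[old] = Page(self._next_id, 1, redirect_to=new)  # leave a redirect behind
        self._next_id += 1

    def move(self, old: str, new: str, fixed: bool = False) -> bool:
        """fixed=True makes the validity check read from master, closing the gap."""
        flags = READ_LATEST if fixed else 0
        if not self.is_valid_move(old, new, flags):
            return False
        self.move_to_internal(old, new)
        return True


def run_scenario(fixed: bool) -> dict:
    """Target page exists in master but the replica has not seen it yet."""
    w = Wiki()
    w.create("Source")
    w.replicate()                    # replica knows Source only
    w.create("Victim", revisions=5)  # written after the replica snapshot: master only
    moved = w.move("Source", "Victim", fixed=fixed)
    victim = w.master.get("Victim")
    return {
        "moved": moved,
        "deleted": list(w.deleted),
        "victim_intact": victim is not None and victim.revisions == 5,
    }


def run_baseline() -> bool:
    """Same move with a fresh replica: even the unfixed check refuses it, as intended."""
    w = Wiki()
    w.create("Source")
    w.create("Victim", revisions=5)
    w.replicate()
    return w.move("Source", "Victim", fixed=False)


if __name__ == "__main__":
    print("fresh replica, unfixed  :", run_baseline())
    print("lagging replica, unfixed:", run_scenario(fixed=False))
    print("lagging replica, fixed  :", run_scenario(fixed=True))
```

With a fresh replica the unfixed path refuses to overwrite the five-revision page, which is why the bug only surfaces in the narrow replication-lag window. With a lagging replica the unfixed path skips the target check and moveToInternal() deletes "Victim" from master; forcing the existence lookup to the master (or, equivalently, re-running the target check against the master inside the locked section) is what closes the gap.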

References (7)

Exploit, Patch, Vendor Advisory: https://phabricator.wikimedia.org/T272386
Third Party Advisory (Debian DSA): https://www.debian.org/security/2021/dsa-4889
Mailing List, Third Party Advisory (Debian LTS): https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html
Mailing List, Third Party Advisory (Debian LTS): https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html
Third Party Advisory (Gentoo GLSA): https://security.gentoo.org/glsa/202107-40

Scores

CVSS v3 4.3
EPSS 0.0087
EPSS Percentile 75.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

Status published
Products (5)
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 33
fedoraproject/fedora 34
mediawiki/mediawiki < 1.31.12; 1.32.x through 1.35.x < 1.35.2 (second range per the description above)
Published Apr 09, 2021
Tracked Since Feb 18, 2026