CVE-2021-21275

The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
GitHub_MCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
report_projectreport
𝑥
< 2021-01-21
oraclecommunications_cloud_native_core_network_slice_selection_function
1.2.1
oraclecommunications_pricing_design_center
12.0.0.4.0
oraclecommunications_pricing_design_center
12.0.0.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Kenny2github/Report/commit/f828dc6f73cdfaea5639edbf8ac7b326eeefb117
https://github.com/Kenny2github/Report/security/advisories/GHSA-9f3w-c334-jm2h
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://github.com/Kenny2github/Report/commit/f828dc6f73cdfaea5639edbf8ac7b326eeefb117
https://github.com/Kenny2github/Report/security/advisories/GHSA-9f3w-c334-jm2h
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html