CVE-2021-31552: Improper Authorization in MediaWiki AbuseFilter Extension Allows Account Creation While Only Blocking IP Addresses


Description Preview

A vulnerability was discovered in the AbuseFilter extension for MediaWiki through version 1.35.2. The issue involves incorrect execution of rules related to blocking accounts after account creation. This vulnerability allows user accounts to be created while only blocking the IP address used for creation, rather than blocking the account itself. Additionally, the vulnerability could be exploited by unprivileged users to catalog and enumerate IP addresses associated with account creations, potentially compromising user privacy and security.

Overview

The AbuseFilter extension for MediaWiki is designed to help administrators combat vandalism and enforce policies by automatically detecting and responding to problematic edits and account creations. This vulnerability (CVE-2021-31552) stems from improper authorization controls (CWE-863) in the extension's rule execution logic. When certain rules are configured to block accounts after creation, the system incorrectly applies blocks only to the IP addresses used during account creation, leaving the newly created accounts unblocked and operational. This undermines the intended security controls and allows potentially malicious accounts to remain active. Furthermore, the vulnerability enables unprivileged users to potentially enumerate and collect IP addresses associated with account creations, creating privacy concerns and providing information that could be used in further attacks.

Remediation

To address this vulnerability, MediaWiki administrators should:

  1. Update the AbuseFilter extension to the latest version that contains the security fix.
  2. Review and adjust any AbuseFilter rules that target account creation to ensure they function as intended.
  3. Audit existing user accounts that may have been created while evading proper blocking mechanisms.
  4. Consider implementing additional monitoring for suspicious account creation patterns.
  5. Apply the patch referenced in the Wikimedia Gerrit repository (I8bae477ad7e4d0190335363ac2decf28e4313da1) if unable to update to a fixed version.
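As an added example (not part of this advisory or of the AbuseFilter extension's own code), the audit in step 3 can be scripted over exported data: flag accounts whose creation matched a rule with a "block" action but which are still unblocked while only the creating IP is blocked. The record shapes and field names are assumptions for illustration, not MediaWiki's real schema.

```python
# Added audit example: find accounts left active by the CVE-2021-31552 behaviour
# (block applied to the creating IP address instead of the new account).
# Field names below are constructed for this example, not MediaWiki's schema.
from dataclasses import dataclass


@dataclass(frozen=True)
class FilterHit:
    account: str           # account name that was created
    ip: str                # IP address used for the creation
    action: str            # triggering action, e.g. "createaccount"
    actions_taken: tuple   # actions the filter applied, e.g. ("block", "tag")


@dataclass(frozen=True)
class Block:
    target: str            # blocked account name or IP address


def find_unblocked_accounts(hits, blocks):
    """Return (account, ip) pairs where a blocking rule fired on account
    creation, the IP is blocked, but the account itself is not."""
    blocked = {b.target for b in blocks}
    findings = []
    for h in hits:
        # Only account creations that a rule tried to block are relevant.
        if h.action != "createaccount" or "block" not in h.actions_taken:
            continue
        if h.account not in blocked and h.ip in blocked:
            findings.append((h.account, h.ip))
    return findings


# Constructed sample: two creations matched a blocking rule; only the second
# account was actually blocked, the first has only its IP blocked.
SAMPLE_HITS = [
    FilterHit("SpamBot01", "203.0.113.10", "createaccount", ("block",)),
    FilterHit("SpamBot02", "203.0.113.11", "createaccount", ("block", "tag")),
    FilterHit("Alice", "198.51.100.5", "createaccount", ("tag",)),
    FilterHit("Bob", "198.51.100.6", "edit", ("block",)),
]
SAMPLE_BLOCKS = [Block("203.0.113.10"), Block("203.0.113.11"), Block("SpamBot02")]

if __name__ == "__main__":
    for account, ip in find_unblocked_accounts(SAMPLE_HITS, SAMPLE_BLOCKS):
        print(f"review: {account} is active although creation IP {ip} is blocked")
```

Accounts reported this way should be checked against the intended rule and blocked manually where appropriate.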

References

  1. Wikimedia Gerrit Repository Patch: https://gerrit.wikimedia.org/r/q/I8bae477ad7e4d0190335363ac2decf28e4313da1
  2. Wikimedia Phabricator Issue Tracking: https://phabricator.wikimedia.org/T152394
  3. Common Weakness Enumeration: CWE-863 (Incorrect Authorization)
  4. MediaWiki AbuseFilter Extension Documentation: https://www.mediawiki.org/wiki/Extension:AbuseFilter

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
  2. Professional, Scientific, & Technical Services
  3. Public Administration
  4. Accommodation & Food Services
  5. Administrative, Support, Waste Management & Remediation Services
  6. Agriculture, Forestry, Fishing & Hunting
  7. Arts, Entertainment & Recreation
  8. Construction
  9. Educational Services
  10. Finance and Insurance
  11. Health Care & Social Assistance
  12. Information
  13. Management of Companies & Enterprises
  14. Mining
  15. Other Services (except Public Administration)
  16. Real Estate Rental & Leasing
  17. Retail Trade
  18. Transportation & Warehousing
  19. Utilities
  20. Wholesale Trade
