CVE-2021-30152 log

Source
Severity Medium
Remote Yes
Type Access restriction bypass
Description
An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.
Group Package Affected Fixed Severity Status Ticket
AVG-1775 mediawiki 1.35.1-2 1.35.2-1 Medium Fixed
References
https://phabricator.wikimedia.org/T270713
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/27ba9e0ef0c7ec76331fd92bc549bb2c0d60979a%5E%21/