CVE-2021-31556 Information
Share on:
Jun 06, 2022
cve
Description
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://phabricator.wikimedia.org/T277380 https://gerrit.wikimedia.org/r/q/I13ff0350a9a0a3cd5ab3e1f82dd0d8d9c13cf9e9 https://lists.fedoraproject.org/archives/list/[email protected]/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/ https://lists.fedoraproject.org/archives/list/[email protected]/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/ https://lists.fedoraproject.org/archives/list/[email protected]/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8