CVE-2021-36132
📋 TL;DR
This vulnerability in MediaWiki's FileImporter extension allows users with insufficient permissions to upload files when certain relaxed configurations of $wgFileImporterRequiredRight are used. It affects MediaWiki installations through version 1.36 where the FileImporter extension is enabled with non-strict permission settings.
💻 Affected Systems
- MediaWiki
📦 What is this software?
MediaWiki, by MediaWiki
⚠️ Risk & Real-World Impact
Worst Case
Unauthorized users upload malicious files, potentially leading to server compromise, data exfiltration, or serving malicious content to legitimate users.
Likely Case
Users with limited privileges upload inappropriate or unauthorized content, violating access controls and potentially disrupting wiki operations.
If Mitigated
Proper permission validation prevents unauthorized uploads, maintaining intended access controls and content integrity.
🎯 Exploit Status
Exploitation requires a user account with some permissions, but not the specific rights intended for file imports.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: MediaWiki 1.36.1 and later
Vendor Advisory: https://phabricator.wikimedia.org/T280590
Restart Required: No
Instructions:
1. Update MediaWiki to version 1.36.1 or later.
2. If using older versions, apply the security patch from the Gerrit repository.
3. Verify that $wgFileImporterRequiredRight is properly configured.
🔧 Temporary Workarounds
Disable FileImporter extension (applies to: all)
Temporarily disable the vulnerable extension until patching is possible.
Edit LocalSettings.php and remove or comment out: wfLoadExtension('FileImporter');
Strict permission configuration (applies to: all)
Configure $wgFileImporterRequiredRight with strict permission requirements.
Edit LocalSettings.php and set: $wgFileImporterRequiredRight = 'upload';
🧯 If You Can't Patch
- Implement strict file upload monitoring and review all uploaded content
- Temporarily disable file upload functionality for non-administrative users
🔍 How to Verify
Check if Vulnerable:
Confirm the MediaWiki version and check whether the FileImporter extension is loaded in LocalSettings.php (wfLoadExtension('FileImporter')) and how $wgFileImporterRequiredRight is set.
Check Version:
Check includes/DefaultSettings.php or run: php maintenance/run.php --version
Verify Fix Applied:
Verify MediaWiki version is 1.36.1 or later and test file import permissions
📡 Detection & Monitoring
Log Indicators:
- File uploads by users without proper upload permissions
- Failed permission checks in FileImporter logs
Network Indicators:
- Unexpected file uploads to MediaWiki instance
SIEM Query:
source="mediawiki" AND (event="file-upload" OR event="import") AND user_permissions NOT CONTAINS "upload"
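The SIEM query above expresses the detection idea in pseudo-syntax. The following is an added example, not part of this advisory or of MediaWiki/FileImporter, that implements the same check in Python over constructed JSON log lines: it resolves each actor's effective rights from a group-permission table modelled on $wgGroupPermissions and flags any file-upload or import event whose actor lacks the configured FileImporter right. The log format, the GROUP_RIGHTS and USER_GROUPS tables and the user names are all constructed assumptions; map them to your own wiki's logging and configuration. If your wiki sets $wgFileImporterRequiredRight to a different right, pass it as required_right.

```python
"""Flag upload/import events by users lacking the required FileImporter right.

Added example (not MediaWiki or FileImporter code). The JSON log format and
the rights/membership tables are constructed for illustration.
"""
import json

# Constructed approximation of $wgGroupPermissions, limited to the rights
# relevant here. Real deployments should export this from LocalSettings.php.
GROUP_RIGHTS = {
    "*": {"read"},
    "user": {"read", "edit", "upload"},
    "sysop": {"read", "edit", "upload", "delete"},
    "viewer": {"read"},
}

# Constructed membership table; in practice sourced from the user_groups
# table or an API lookup at alert time.
USER_GROUPS = {
    "Alice": ["user"],
    "Bob": ["user", "sysop"],
    "Carol": ["viewer"],  # deliberately lacks the 'upload' right
}

# Event types that correspond to the advisory's "file-upload" OR "import" clause.
UPLOAD_EVENTS = {"file-upload", "import"}


def effective_rights(user, user_groups=USER_GROUPS, group_rights=GROUP_RIGHTS):
    """Union of the rights of every group the user belongs to, plus the implicit '*' group.
    Unknown users fall back to '*' only, so they are treated as least-privileged."""
    rights = set()
    for group in ["*", *user_groups.get(user, [])]:
        rights |= group_rights.get(group, set())
    return rights


def parse_log_line(line):
    """Parse one JSON log line; return None for lines that are not valid JSON objects."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    return event if isinstance(event, dict) else None


def flag_unauthorized_uploads(lines, required_right="upload",
                              user_groups=USER_GROUPS, group_rights=GROUP_RIGHTS):
    """Return the upload/import events whose actor does not hold required_right.

    This is the programmatic form of:
      event IN (file-upload, import) AND required_right NOT IN user_rights
    """
    flagged = []
    for line in lines:
        event = parse_log_line(line)
        if not event or event.get("event") not in UPLOAD_EVENTS:
            continue  # malformed line or not an upload/import
        actor = event.get("user", "")
        if required_right not in effective_rights(actor, user_groups, group_rights):
            flagged.append({**event, "missing_right": required_right})
    return flagged


# Constructed sample log lines (not real MediaWiki output).
SAMPLE_LOG = [
    '{"source":"mediawiki","event":"import","user":"Alice","file":"Photo.jpg"}',
    '{"source":"mediawiki","event":"file-upload","user":"Bob","file":"Map.png"}',
    '{"source":"mediawiki","event":"import","user":"Carol","file":"Cover.pdf"}',
    'this line is not json and must be skipped',
    '{"source":"mediawiki","event":"file-upload","user":"Mallory","file":"x.svg"}',
    '{"source":"mediawiki","event":"edit","user":"Carol","page":"Main_Page"}',
]

if __name__ == "__main__":
    for hit in flag_unauthorized_uploads(SAMPLE_LOG):
        print(f"ALERT user={hit['user']} event={hit['event']} "
              f"file={hit.get('file')} missing_right={hit['missing_right']}")
```

Running the block prints two alerts: Carol (a member only of the constructed "viewer" group) and Mallory (an unknown account, which resolves to the "*" rights only). Alice's and Bob's uploads are not flagged because their groups grant "upload", and the edit event is ignored because it is not an upload or import.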