CVE-2021-44857: 
NixOS vulnerability analysis and mitigation

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The vulnerability (CVE-2021-44857) allows attackers to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page that the user doesn't have edit rights for. This vulnerability affects any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead (Mediawiki FAQ, NVD).

The vulnerability stems from improper permission checking in the 'mcrundo' and 'mcrrestore' actions. These actions did not properly verify editing permissions, allowing attackers to take content from any arbitrary revision and save it on any page of their choosing. The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N (NVD).

The vulnerability allows unauthorized users to modify content on pages they don't have permission to edit. This affects both public wikis and public pages on private wikis, potentially compromising the integrity of wiki content and bypassing established access controls (Mediawiki FAQ).

As an immediate workaround, administrators can add '$wgActions["mcrundo"] = false;' and '$wgActions["mcrrestore"] = false;' to their LocalSettings.php file. For private wikis, additional protection can be achieved by setting '$wgWhitelistRead = [];' and '$wgWhitelistReadRegexp = [];'. The vulnerability is permanently fixed in MediaWiki versions 1.35.5, 1.36.3, and 1.37.1 (Mediawiki FAQ).