CVE-2016-6336 in MediaWiki

Summary

by MITRE

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.


Analysis

by VulDB Data Team • 09/18/2020

MediaWiki versions before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 contained a critical access control vulnerability that allowed authenticated users with undelete permissions to circumvent intended security restrictions governing revision deletion. This vulnerability specifically affected the Special:Undelete functionality, which is designed to restore deleted pages and their associated revisions. The flaw enabled malicious actors to remove revision deletion status from arbitrary file revisions, effectively undermining the system's ability to suppress sensitive content. The vulnerability stems from improper validation of user permissions during the undelete process, particularly when dealing with revisions that were previously marked for deletion or suppression. This issue represents a direct violation of the principle of least privilege and demonstrates a failure in access control enforcement mechanisms.

The technical exploitation of this vulnerability occurs when an authenticated user with undelete rights attempts to restore a revision that was previously subject to suppressrevision or deleterevision restrictions. The system fails to properly validate whether the user has the appropriate authorization level to perform such operations on suppressed revisions. This weakness allows attackers to bypass the intended security controls that prevent unauthorized access to deleted content, potentially exposing sensitive information that should have remained hidden. The flaw exists in the permission checking logic within the revision restoration code path, where the system does not adequately verify that the user possesses the necessary privileges to restore revisions that were explicitly marked for suppression. This vulnerability aligns with CWE-284, which addresses improper access control, and represents a significant gap in the software's privilege management architecture.

The operational impact of this vulnerability extends beyond simple information disclosure, as it undermines the entire revision control and content management system's security posture. Organizations relying on MediaWiki for collaborative content management, documentation systems, or knowledge bases could face serious consequences when sensitive files or revisions are unexpectedly exposed. Attackers could exploit this vulnerability to recover deleted content that was intentionally suppressed, potentially compromising intellectual property, confidential business information, or personal data. The affected versions of MediaWiki were widely deployed across various organizations, making this vulnerability particularly dangerous. This weakness creates a persistent security risk that could remain undetected for extended periods, as the compromised functionality operates within legitimate administrative workflows.

Organizations should immediately implement the official patches released by the MediaWiki project to address this vulnerability, which include version updates to 1.23.15, 1.26.4, and 1.27.1. System administrators should also review user permissions and ensure that only trusted individuals possess undelete privileges, particularly for sensitive content areas. Additional mitigations include implementing enhanced monitoring of Special:Undelete usage patterns and establishing automated alerts for suspicious revision restoration activities. The vulnerability demonstrates the importance of proper access control validation in content management systems and highlights the need for comprehensive security testing of administrative functions. This issue also relates to ATT&CK technique T1566, which covers credential access through exploitation of system vulnerabilities, and represents a significant risk to information security programs that rely on proper access controls for content protection.
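The permission review recommended above can be scripted. The following is an added example, not code from VulDB or the MediaWiki project: it lists the groups that hold undelete without both restriction rights named in the summary. It assumes rights are set through explicit `$wgGroupPermissions['group']['right'] = true;` lines in LocalSettings.php; the function names and the sample groups are hypothetical.

```python
import re

# Rights named in the CVE summary as the restrictions that undelete bypassed.
RESTRICTION_RIGHTS = ("deleterevision", "suppressrevision")

# Assumed input form: $wgGroupPermissions['group']['right'] = true;
# Anchored at line start so commented-out assignments are ignored.
ASSIGNMENT = re.compile(
    r"""^\s*\$wgGroupPermissions\[\s*['"]([^'"]+)['"]\s*\]"""
    r"""\[\s*['"]([^'"]+)['"]\s*\]\s*=\s*(true|false)\s*;""",
    re.IGNORECASE | re.MULTILINE,
)

def parse_group_rights(config_text):
    """Return {group: set_of_rights}; a later assignment overrides an earlier one."""
    rights = {}
    for group, right, value in ASSIGNMENT.findall(config_text):
        granted = rights.setdefault(group, set())
        if value.lower() == "true":
            granted.add(right)
        else:
            granted.discard(right)
    return rights

def audit_undelete(config_text):
    """Return [(group, missing_rights)] for groups that can undelete but lack
    one or both revision-restriction rights."""
    findings = []
    for group, granted in sorted(parse_group_rights(config_text).items()):
        if "undelete" not in granted:
            continue
        missing = [r for r in RESTRICTION_RIGHTS if r not in granted]
        if missing:
            findings.append((group, missing))
    return findings

# Constructed sample configuration, not taken from any real wiki.
SAMPLE = """
$wgGroupPermissions['sysop']['undelete'] = true;
$wgGroupPermissions['sysop']['deleterevision'] = true;
$wgGroupPermissions['helper']['undelete'] = true;
$wgGroupPermissions['oversight']['undelete'] = true;
$wgGroupPermissions['oversight']['deleterevision'] = true;
$wgGroupPermissions['oversight']['suppressrevision'] = true;
$wgGroupPermissions['bot']['undelete'] = true;
$wgGroupPermissions['bot']['undelete'] = false;  // revoked later in the file
# $wgGroupPermissions['user']['undelete'] = true;
"""

if __name__ == "__main__":
    for group, missing in audit_undelete(SAMPLE):
        print(f"{group}: has undelete, lacks {', '.join(missing)}")
```

The script reads only explicit assignments in the text it is given. Rights granted by MediaWiki's built-in defaults, and users who combine rights through membership in several groups, need a separate check.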

Reservation

07/26/2016

Disclosure

04/20/2017

Moderation

accepted

CPE

ready

EPSS

0.00105

KEV

no

Activities

very low
