Wikimedia Foundation MediaWiki GrowthExperiments Extension Improper Access Control Vulnerability

Vulnerability

A vulnerability exists in the GrowthExperiments extension of MediaWiki, specifically in the growthsetmentor API action. The action does not properly check whether the requesting user is authorized to change a mentorship assignment, so users can manipulate mentorship assignments without proper authorization. The vulnerability affects MediaWiki versions through 1.39.

Impact

Exploitation of this vulnerability allows users to incorrectly assign themselves or others as mentors, potentially leading to confusion and misuse of the mentorship system.

Reproduction

To reproduce this vulnerability, use the growthsetmentor action in the API. Any user can set themselves as the mentor of another user, regardless of whether they actually hold mentor status. Additionally, a user can claim any user as their mentor, even if that user is not a registered mentor.
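The two failures described above are both missing authorization checks on a write action: the caller is not restricted to changing their own assignment, and the target is not validated against the list of registered mentors. The following is an added example, not GrowthExperiments or MediaWiki code, written in plain PHP to show the shape of the check such an action needs. The function name checkSetMentor, the right name setmentor, the mentor list and the user names are all constructed for the example.

```php
<?php
// Added example, not GrowthExperiments or MediaWiki code. It models the two
// authorization checks a "set mentor" API action needs before writing:
//   1. the acting user may only change their own mentorship, unless they hold
//      a dedicated right (here the hypothetical right name 'setmentor');
//   2. the user being assigned as mentor must be a registered mentor.

// Constructed sample data (hypothetical names): registered mentors and the
// rights each user holds.
$registeredMentors = ['MentorAlice', 'MentorBob'];
$userRights = [
    'Admin'       => ['setmentor'],   // hypothetical right that allows reassigning others
    'Newbie'      => [],
    'MentorAlice' => [],
    'Eve'         => [],
];

/**
 * Decide whether $actor may set $mentor as the mentor of $mentee.
 * Returns null when the request is allowed, otherwise an error code string.
 */
function checkSetMentor(string $actor, string $mentee, string $mentor,
                        array $registeredMentors, array $userRights): ?string
{
    // Check 1: only the mentee themselves, or a user holding the 'setmentor'
    // right, may change who the mentee's mentor is. This is the check that
    // stops an arbitrary user from assigning themselves to someone else.
    $rights = $userRights[$actor] ?? [];
    if ($actor !== $mentee && !in_array('setmentor', $rights, true)) {
        return 'permissiondenied';
    }
    // Check 2: the chosen mentor must be on the registered-mentor list. This
    // stops a user from claiming a non-mentor as their mentor.
    if (!in_array($mentor, $registeredMentors, true)) {
        return 'not-a-mentor';
    }
    return null;
}

// Constructed requests, each with the decision the check should reach.
$cases = [
    ['Eve',    'Newbie', 'Eve',         'permissiondenied'], // Eve assigns herself to another user
    ['Newbie', 'Newbie', 'Eve',         'not-a-mentor'],     // Newbie claims a non-mentor as mentor
    ['Newbie', 'Newbie', 'MentorAlice', null],               // Newbie picks a real mentor for themselves
    ['Admin',  'Newbie', 'MentorBob',   null],               // privileged reassignment of another user
];
foreach ($cases as [$actor, $mentee, $mentor, $expected]) {
    $result = checkSetMentor($actor, $mentee, $mentor, $registeredMentors, $userRights);
    printf("%-7s sets mentor of %-7s to %-12s => %s\n",
        $actor, $mentee, $mentor, $result ?? 'allowed');
    assert($result === $expected);
}
```

The order of the checks matters for the error a caller sees but not for safety; what matters is that both run before any write, and that the permission check compares the acting user to the mentee rather than trusting a user name supplied in the request.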

Remediation

Users can update to the patched version of the GrowthExperiments extension, which is available in the MediaWiki Gerrit repository. Instructions for applying the update can be found in the MediaWiki documentation.

Added: Oct 18, 2025, 5:18 AM
Updated: Oct 18, 2025, 5:18 AM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          0.6
exploitability  8.7
remediation     0.0
relevance       0.8
threat          6.4
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.