Description
The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote attackers to bypass authentication without a password.
Remediation
References