Description

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog)

Remediation

References

CVE-2021-41801

Related Vulnerabilities

Apache HTTP Server Other Vulnerability (CVE-2004-1082)

Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.10)

phpMyFAQ Other Vulnerability (CVE-2005-3734)

silverstripeCMS Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2019-19326)

MySQL CVE-2018-3071 Vulnerability (CVE-2018-3071)

Severity

High

Classification

CVE-2021-41801 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities