Description

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog)

Remediation

References

CVE-2021-41801

Related Vulnerabilities

PHP Improper Input Validation Vulnerability (CVE-2021-21705)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3586)

Oracle JRE Incorrect Default Permissions Vulnerability (CVE-2024-21012)

MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3967)

WordPress Plugin Easy Custom Sidebars Unspecified Vulnerability (1.0.1)

Severity

High

Classification

CVE-2021-41801 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities