CVE Vulnerabilities

CVE-2021-41801

Published: Oct 11, 2021 | Modified: Nov 21, 2024
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog)

Affected Software

Name Vendor Start Version End Version
Mediawiki Mediawiki * 1.31.16 (excluding)
Mediawiki Mediawiki 1.35.0 (including) 1.35.4 (excluding)
Mediawiki Mediawiki 1.36.0 (including) 1.36.2 (excluding)
Mediawiki Ubuntu bionic *
Mediawiki Ubuntu hirsute *
Mediawiki Ubuntu impish *
Mediawiki Ubuntu kinetic *
Mediawiki Ubuntu lunar *
Mediawiki Ubuntu mantic *
Mediawiki Ubuntu trusty *
Mediawiki Ubuntu upstream *
Mediawiki Ubuntu xenial *

References