CVE-2021-41801

描述

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog)

受影響套件(2)

• Bitnami/mediawikifrom 0, < 1.31.16, >= 1.35.0, < 1.35.4, >= 1.36.0, < 1.36.2
• Debian/mediawikifrom 0, < 1:1.35.4-1~deb11u1

CVSS 分數

參考連結(4)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-41801
• WEBhttps://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
• WEBhttps://nvd.nist.gov/vuln/detail/CVE-2021-41801
• WEBhttps://phabricator.wikimedia.org/T279090