Your submission was sent successfully! Close

CVE-2021-41801

Published: 11 October 2021

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog)

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
mediawiki
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

trusty Does not exist

upstream
Released (1:1.35.4-1)
xenial Ignored
(out of standard support)