CVE-2021-41801
HIGHMediaWiki ReplaceText extension through 1.41 - Incorrect Access Control
Title source: llmDescription
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog)
References (2)
Core 2
Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://phabricator.wikimedia.org/T279090
Third Party Advisory x_refsource_confirm
https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
Scores
CVSS v3
8.8
EPSS
0.0038
EPSS Percentile
59.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
mediawiki/mediawiki
< 1.31.16
Published
Oct 11, 2021
Tracked Since
Feb 18, 2026