CVE-2021-41801

Severity: Medium
Remote: Yes
Type: Access restriction bypass
Description
A security issue has been found in MediaWiki before version 1.36.2. The ReplaceText extension continues performing actions after the user no longer has the correct permission (for example, after being blocked).
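| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|-------|---------|----------|-------|----------|--------|--------|
| AVG-2434 | mediawiki | 1.36.1-1 | 1.36.2-1 | Medium | Fixed | |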
References
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
https://phabricator.wikimedia.org/T279090
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/ReplaceText/+/b37d68a4c1603fed92c5db0b38ffc8bbd389fca5%5E%21/