CVE-2021-41801 - log back

CVE-2021-41801 edited at 30 Sep 2021 21:35:35
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ A security issue has been found in MediaWiki before version 1.36.2. ReplaceText continues performing actions if the user no longer has the correct permission (such as by being blocked).
References
+ https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
+ https://phabricator.wikimedia.org/T279090
+ https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/ReplaceText/+/b37d68a4c1603fed92c5db0b38ffc8bbd389fca5%5E%21/
Notes
CVE-2021-41801 created at 30 Sep 2021 21:24:54