Description
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.
Remediation
References
Related Vulnerabilities
WordPress Plugin Bulk Add to Cart for WooCommerce Security Bypass (1.2.2)
Internet Information Services Other Vulnerability (CVE-2000-0413)
WordPress Plugin Disqus Comment System Multiple Vulnerabilities (2.75)
WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.9)
WordPress Plugin The Events Calendar Unspecified Vulnerability (4.0.4)