CVE-2012-2128 — Cross-Site Request Forgery in Dokuwiki

CWE-352 — Cross-Site Request Forgery8 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.4%

top 36.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dokuwiki Debian Dokuwiki Andreas Gohr Dokuwiki

Timeline

PublishedAug 27

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129: "the exploit code simply uses the XSS hole to extract a valid CSRF token."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/dokuwiki< dokuwiki 0.0.20120125a-1 (bookworm)

▶Debiandokuwiki/dokuwiki< 0.0.20120125a-1+3

▶Ubuntudokuwiki/dokuwiki< 0.0.20131208-1

▶NVDandreas_gohr/dokuwiki2012-01-25

🔴Vulnerability Details

GHSA

GHSA-8246-cj8p-3gjh: ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in doku↗2022-05-17

▶

OSV

CVE-2012-2128: ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in doku↗2012-08-27

▶

OSV

CVE-2012-2128: Cross-site request forgery (CSRF) vulnerability in doku↗2012-08-27

▶

📋Vendor Advisories

Debian

CVE-2012-2128: dokuwiki - Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-...↗2012

▶

💬Community

Bugzilla

CVE-2012-2128 CVE-2012-2129 dokuwiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data [fedora-all]↗2012-04-22

▶

Bugzilla

CVE-2012-2128 CVE-2012-2129 dokuwiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data↗2012-04-22

▶

Bugzilla

CVE-2012-2128 CVE-2012-2129 dokuwiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data [epel-all]↗2012-04-22

▶