CVE-2012-5391 — Mediawiki vulnerability

9 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.8%

top 26.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedJun 2

Latest updateMay 17

Description

Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/mediawiki< mediawiki 1:1.19.3-1 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.19.3-1+3

▶NVDmediawiki/mediawiki1.18.5+10

🔴Vulnerability Details

GHSA

GHSA-3wxc-gqjr-6mh6: Session fixation vulnerability in Special:UserLogin in MediaWiki before 1↗2022-05-17

▶

OSV

CVE-2012-5391: Session fixation vulnerability in Special:UserLogin in MediaWiki before 1↗2014-06-02

▶

📋Vendor Advisories

Debian

CVE-2012-5391: mediawiki - Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, ...↗2012

▶

💬Community

Bugzilla

CVE-2012-5391 mediawiki: Vulnerable to session fixation attacks [epel-all]↗2012-12-07

▶

Bugzilla

CVE-2012-5391 mediawiki: Vulnerable to session fixation attacks [epel-all]↗2012-12-07

▶

Bugzilla

CVE-2012-5391 mediawiki: Vulnerable to session fixation attacks [epel-5]↗2012-11-30

▶

Bugzilla

CVE-2012-5391 mediawiki: Vulnerable to session fixation attacks [fedora-all]↗2012-11-30

▶

Bugzilla

CVE-2012-5391 mediawiki: Vulnerable to session fixation attacks↗2012-11-30

▶