CVE-2013-4572 — Session Fixation in Mediawiki
Severity
7.5 HIGH (NVD)
EPSS
1.3%
top 20.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 6
Latest update: May 5
Description
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 4 packages
Also affects: Fedora 18, 19
Patches
Vulnerability Details (2)
Vendor Advisories (1)
Debian
CVE-2013-4572: mediawiki - The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, a... (2013)
Community (5)
Bugzilla
CVE-2013-4568 CVE-2013-4572 CVE-2013-4567 mediawiki119: mediawiki: security releases 1.21.3, 1.20.8, and 1.19.9 [epel-6] (2013-11-15)
Bugzilla
CVE-2013-4568 CVE-2013-4572 CVE-2013-4567 mediawiki: security releases 1.21.3, 1.20.8, and 1.19.9 [epel-5] (2013-11-15)
Bugzilla
CVE-2013-4568 CVE-2013-4572 CVE-2013-4567 mediawiki: security releases 1.21.3, 1.20.8, and 1.19.9 [fedora-all] (2013-11-15)
Bugzilla
CVE-2013-4567 CVE-2013-4568 CVE-2013-4572 mediawiki: security releases 1.21.3, 1.20.8, and 1.19.9 (2013-11-15)
Bugzilla
CVE-2013-4568 CVE-2013-4572 CVE-2013-4567 mediawiki119: mediawiki: security releases 1.21.3, 1.20.8, and 1.19.9 [fedora-18] (2013-11-15)