CVE-2015-2940 — Cross-Site Request Forgery in Mediawiki

CWE-352 — Cross-Site Request Forgery4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

0.3%

top 47.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedApr 13

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/mediawiki< mediawiki 1:1.19.20+dfsg-2.3 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.19.20+dfsg-2.3+3

Patches

Patch: lists.wikimedia.org ↗Patch: lists.wikimedia.org ↗

🔴Vulnerability Details

GHSA

GHSA-g77q-mpv6-8w22: Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certa↗2022-05-17

▶

OSV

CVE-2015-2940: Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certa↗2015-04-13

▶

📋Vendor Advisories

Debian

CVE-2015-2940: mediawiki - Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for M...↗2015

▶