CVE-2017-0362: Cross-Site Request Forgery in Mediawiki

Severity: 8.8 HIGH (NVD)
EPSS: 0.1% (top 64.46%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 13 | Latest update May 14

Description

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (4 packages)

debian | debian/mediawiki | < mediawiki 1:1.27.2-1 (bookworm)
NVD | mediawiki/mediawiki | 1.27.0 1.27.2 +2
Debian | mediawiki/mediawiki | < 1:1.27.2-1 +3
CVEListV5 | mediawiki/mediawiki | n/a

Also affects: Debian Linux 7.0

Vulnerability Details (2)

GHSA | GHSA-wqmj-qf48-v44w: Mediawiki before 1 | 2022-05-14
OSV | CVE-2017-0362: Mediawiki before 1 | 2018-04-13

Vendor Advisories (2)

Debian | CVE-2017-0362: mediawiki - Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all p... | 2017
Red Hat | mediawiki: "Mark all pages visited" on the watchlist does not require a CSRF token | 2016-11-04

Community (4)

Bugzilla | CVE-2017-0362 CVE-2017-0364 CVE-2017-0366 CVE-2017-0370 mediawiki123: various flaws [epel-7] | 2018-04-19
Bugzilla | CVE-2017-0362 mediawiki: "Mark all pages visited" on the watchlist does not require a CSRF token | 2018-04-19
Bugzilla | CVE-2017-0362 mediawiki: "Mark all pages visited" on the watchlist does not require a CSRF token [fedora-all] | 2018-04-19
Bugzilla | CVE-2017-0362 mediawiki119: mediawiki: "Mark all pages visited" on the watchlist does not require a CSRF token [epel-6] | 2018-04-19