CVE-2019-12466Cross-Site Request Forgery in Core

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
8.8HIGH
No vector
EPSS
0.2%
top 60.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mediawiki CoreDebian Mediawiki
Timeline
PublishedMay 24

Description

Wikimedia MediaWiki allows CSRF Wikimedia MediaWiki through 1.32.1 allows CSRF in logout feature.

Affected Packages2 packages

Packagistmediawiki/core1.27.01.27.6+3
debiandebian/mediawiki< mediawiki 1:1.31.2-1 (bookworm)

🔴Vulnerability Details

2
OSV
Wikimedia MediaWiki allows CSRF2022-05-24
GHSA
Wikimedia MediaWiki allows CSRF2022-05-24

📋Vendor Advisories

1
Debian
CVE-2019-12466: mediawiki - Wikimedia MediaWiki through 1.32.1 allows CSRF.2019
CVE-2019-12466 — Cross-Site Request Forgery | cvebase