Brooke

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions 1.17.x through 1.17.2 MediaWiki versions 1.18.x through 1.18.1 **Description** The issue concerns the inclusion of private data, such as CSRF tokens, in a JavaScript file by the resource loader. This allows remote attackers to obtain sensitive information. **Recommendations** For MediaWiki versions 1.17.x through 1.17.2, update to version 1.17.3 or later. For MediaWiki versions 1.18.x through 1.18.1, update to version 1.18.2 or later.