CVE-2014-3455

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.19.10 MediaWiki versions 1.20.x (all versions) MediaWiki versions 1.21.x prior to 1.21.4 MediaWiki versions 1.22.x prior to 1.22.1

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in specific special pages of the SemanticForms extension. These vulnerabilities allow remote attackers to hijack user authentication for requests with unspecified impact. The affected special pages include CreateProperty, CreateTemplate, CreateForm, and CreateClass.

Recommendations For MediaWiki versions prior to 1.19.10, update to version 1.19.10 or later. For MediaWiki versions 1.20.x, update to version 1.21.4 or later. For MediaWiki versions 1.21.x prior to 1.21.4, update to version 1.21.4 or later. For MediaWiki versions 1.22.x prior to 1.22.1, update to version 1.22.1 or later.