PT-2014-5334 · Wikimedia+1 · Mediawiki+2
Ravindra Singh Rathore
·
Published
2014-02-07
·
Updated
2014-05-13
·
CVE-2014-3455
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
MediaWiki versions prior to 1.19.10
MediaWiki versions 1.20.x (all versions)
MediaWiki versions 1.21.x prior to 1.21.4
MediaWiki versions 1.22.x prior to 1.22.1
Description
The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in specific special pages of the SemanticForms extension. These vulnerabilities allow remote attackers to hijack user authentication for requests with unspecified impact. The affected special pages include CreateProperty, CreateTemplate, CreateForm, and CreateClass.
Recommendations
For MediaWiki versions prior to 1.19.10, update to version 1.19.10 or later.
For MediaWiki versions 1.20.x, update to version 1.21.4 or later.
For MediaWiki versions 1.21.x prior to 1.21.4, update to version 1.21.4 or later.
For MediaWiki versions 1.22.x prior to 1.22.1, update to version 1.22.1 or later.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Mediawiki
Semanticforms Extension