PT-2024-28937 · Unknown+2 · Mediawikichat Extension+2

Ashley · Published 2024-07-06 · Updated 2025-06-19 · CVE-2024-40601

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

MediaWikiChat extension for MediaWiki versions through 1.42.1

Description

An issue was discovered in the MediaWikiChat extension for MediaWiki, where CSRF can occur in API modules.

Recommendations

For MediaWikiChat extension for MediaWiki versions through 1.42.1, consider disabling access to API modules until a patch is available. As a temporary workaround, restrict access to the MediaWikiChat extension to minimize the risk of exploitation. Avoid using the MediaWikiChat extension until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Weakness Enumeration

Related Identifiers

ALT-PU-2025-5905
BIT-MEDIAWIKI-2024-40601
CVE-2024-40601

Affected Products

Alt Linux
Mediawiki
Mediawikichat Extension