Lucene search
HistoryDec 13, 2013 - 6:07 p.m.
CVE-2012-5394
cve-2012-5394
csrf
centralauth
mediawiki
remote attack
authentication hijacking
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.5
Confidence
High
EPSS
0.002
Percentile
52.7%
Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading.
Affected configurations
Node
mediawikimediawikiMatch1.20
ORmediawikimediawikiMatch1.20.1
ORmediawikimediawikiMatch1.20.2
ORmediawikimediawikiMatch1.20.3
ORmediawikimediawikiMatch1.20.4
ORmediawikimediawikiMatch1.20.5
ORmediawikimediawikiMatch1.20.6
ORmediawikimediawikiMatch1.20.7
Node
mediawikimediawikiMatch1.21
ORmediawikimediawikiMatch1.21.1
ORmediawikimediawikiMatch1.21.2
Node
mediawikimediawikiRange≤1.19.8
ORmediawikimediawikiMatch1.19
ORmediawikimediawikiMatch1.19beta_1
ORmediawikimediawikiMatch1.19beta_2
ORmediawikimediawikiMatch1.19.0
ORmediawikimediawikiMatch1.19.1
ORmediawikimediawikiMatch1.19.2
ORmediawikimediawikiMatch1.19.3
ORmediawikimediawikiMatch1.19.4
ORmediawikimediawikiMatch1.19.5
ORmediawikimediawikiMatch1.19.6
ORmediawikimediawikiMatch1.19.7
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mediawiki | mediawiki | 1.20.3 | cpe:/a:mediawiki:mediawiki:1.20.3::: |
| mediawiki | mediawiki | 1.20.1 | cpe:/a:mediawiki:mediawiki:1.20.1::: |
| mediawiki | mediawiki | 1.20.6 | cpe:/a:mediawiki:mediawiki:1.20.6::: |
| mediawiki | mediawiki | 1.20.7 | cpe:/a:mediawiki:mediawiki:1.20.7::: |
| mediawiki | mediawiki | 1.20 | cpe:/a:mediawiki:mediawiki:1.20::: |
| mediawiki | mediawiki | 1.20.4 | cpe:/a:mediawiki:mediawiki:1.20.4::: |
| mediawiki | mediawiki | 1.20.2 | cpe:/a:mediawiki:mediawiki:1.20.2::: |
| mediawiki | mediawiki | 1.20.5 | cpe:/a:mediawiki:mediawiki:1.20.5::: |
Related
nvd
nvd
CVE-2012-5394
2013-12-13 18:07:53
cvelist
cvelist
CVE-2012-5394
2013-12-13 18:00:00
prion
prion
Cross site request forgery (csrf)
2013-12-13 18:07:00
fedora
fedora
[SECURITY] Fedora 20 Update: mediawiki-1.21.3-1.fc20
2013-12-14 03:35:07
[SECURITY] Fedora 19 Update: mediawiki-1.21.3-1.fc19
2013-12-02 09:35:57
[SECURITY] Fedora 18 Update: mediawiki-1.19.9-1.fc18
2013-12-02 09:33:22
openvas
openvas
Fedora Update for mediawiki FEDORA-2013-21856
2013-12-03 00:00:00
Fedora Update for mediawiki FEDORA-2013-21856
2013-12-03 00:00:00
Fedora Update for mediawiki FEDORA-2013-22047
2014-02-03 00:00:00
nessus
nessus
Fedora 20 : mediawiki-1.21.3-1.fc20 (2013-22047)
2013-12-14 00:00:00
Fedora 19 : mediawiki-1.21.3-1.fc19 (2013-21856)
2013-12-02 00:00:00
MediaWiki < 1.19.9 / 1.20.8 / 1.21.3 Multiple Vulnerabilities
2013-12-17 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.5
Confidence
High
EPSS
0.002
Percentile
52.7%
Related for CVE-2012-5394