4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
55.8%
includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attackerβs account, as demonstrated by tracking the victimβs activity, related to a βlogin CSRFβ issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | mediawiki | <Β 1:1.19.14+dfsg-1 | mediawiki_1:1.19.14+dfsg-1_all.deb |
Debian | 11 | all | mediawiki | <Β 1:1.19.14+dfsg-1 | mediawiki_1:1.19.14+dfsg-1_all.deb |
Debian | 999 | all | mediawiki | <Β 1:1.19.14+dfsg-1 | mediawiki_1:1.19.14+dfsg-1_all.deb |
Debian | 13 | all | mediawiki | <Β 1:1.19.14+dfsg-1 | mediawiki_1:1.19.14+dfsg-1_all.deb |