CVE-2015-2940

Sažetak

Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors.

Reference

http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
http://www.openwall.com/lists/oss-security/2015/04/01/1
http://www.openwall.com/lists/oss-security/2015/04/07/3
http://www.securityfocus.com/bid/73477
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
https://phabricator.wikimedia.org/T85858
https://security.gentoo.org/glsa/201510-05

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

07-12-2016 - 18:11

Objavljeno

13-04-2015 - 14:59