CVE-2015-2940
Summary
| CVE | CVE-2015-2940 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-04-13 14:59:00 UTC |
| Updated | 2016-12-07 18:11:00 UTC |
| Description | Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors. |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| T85858 Check User page lacks CSRF protection | CONFIRM | phabricator.wikimedia.org | |
| [MediaWiki-announce] MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2 | MLIST | lists.wikimedia.org | Patch, Vendor Advisory |
| MediaWiki: Multiple vulnerabilities (GLSA 201510-05) — Gentoo Security | GENTOO | security.gentoo.org | |
| oss-security - CVE request: MediaWiki 1.24.2/1.23.9/1.19.24 | MLIST | www.openwall.com | |
| oss-security - Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24 | MLIST | www.openwall.com | |
| MediaWiki Multiple Security Vulnerabilities | BID | www.securityfocus.com | |
| Support / Security / Advisories / / MDVSA-2015:200 \| Mandriva | MANDRIVA | www.mandriva.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.