CVE-2013-4306

Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
mediawikimediawiki
1.19.0 ≤
𝑥
< 1.19.8
mediawikimediawiki
1.20.0 ≤
𝑥
< 1.20.7
mediawikimediawiki
1.21.0 ≤
𝑥
< 1.21.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html
http://osvdb.org/96908
http://seclists.org/oss-sec/2013/q3/553
http://www.securityfocus.com/bid/62210
https://bugzilla.wikimedia.org/show_bug.cgi?id=45019
https://exchange.xforce.ibmcloud.com/vulnerabilities/86893
https://git.wikimedia.org/commit/mediawiki%2Fextensions%2FCheckUser.git/99ad25d066ce6111e798427cba7f21526827f651
http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html
http://osvdb.org/96908
http://seclists.org/oss-sec/2013/q3/553
http://www.securityfocus.com/bid/62210
https://bugzilla.wikimedia.org/show_bug.cgi?id=45019
https://exchange.xforce.ibmcloud.com/vulnerabilities/86893
https://git.wikimedia.org/commit/mediawiki%2Fextensions%2FCheckUser.git/99ad25d066ce6111e798427cba7f21526827f651