CVE-2014-2665
20.04.2014, 01:55
includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue.Enginsight
| Vendor | Product | Version |
|---|---|---|
| mediawiki | mediawiki | 𝑥 ≤ 1.19.13 |
| mediawiki | mediawiki | 1.19 |
| mediawiki | mediawiki | 1.19:beta_1 |
| mediawiki | mediawiki | 1.19:beta_2 |
| mediawiki | mediawiki | 1.19.0 |
| mediawiki | mediawiki | 1.19.1 |
| mediawiki | mediawiki | 1.19.2 |
| mediawiki | mediawiki | 1.19.3 |
| mediawiki | mediawiki | 1.19.4 |
| mediawiki | mediawiki | 1.19.5 |
| mediawiki | mediawiki | 1.19.6 |
| mediawiki | mediawiki | 1.19.7 |
| mediawiki | mediawiki | 1.19.8 |
| mediawiki | mediawiki | 1.19.9 |
| mediawiki | mediawiki | 1.19.10 |
| mediawiki | mediawiki | 1.19.11 |
| mediawiki | mediawiki | 1.19.12 |
| mediawiki | mediawiki | 1.20 |
| mediawiki | mediawiki | 1.20.1 |
| mediawiki | mediawiki | 1.20.2 |
| mediawiki | mediawiki | 1.20.3 |
| mediawiki | mediawiki | 1.20.4 |
| mediawiki | mediawiki | 1.20.5 |
| mediawiki | mediawiki | 1.20.6 |
| mediawiki | mediawiki | 1.20.7 |
| mediawiki | mediawiki | 1.20.8 |
| mediawiki | mediawiki | 1.21 |
| mediawiki | mediawiki | 1.21.1 |
| mediawiki | mediawiki | 1.21.2 |
| mediawiki | mediawiki | 1.21.3 |
| mediawiki | mediawiki | 1.21.4 |
| mediawiki | mediawiki | 1.21.5 |
| mediawiki | mediawiki | 1.21.6 |
| mediawiki | mediawiki | 1.21.7 |
| mediawiki | mediawiki | 1.22.0 |
| mediawiki | mediawiki | 1.22.1 |
| mediawiki | mediawiki | 1.22.2 |
| mediawiki | mediawiki | 1.22.3 |
| mediawiki | mediawiki | 1.22.4 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References