Lucene search

[email protected]CVE-2012-1578

HistorySep 09, 2012 - 9:55 p.m.

CVE-2012-1578

2012-09-0921:55:05

CWE-352

[email protected]

web.nvd.nist.gov

cve-2012-1578

csrf

mediawiki

vulnerability

nvd

cve-2012-1578

authentication hijack

block permission

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.1%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block module or (2) unblock a user via a request to the Unblock module.

Affected configurations

NVD

Node

mediawikimediawikiMatch1.17

mediawikimediawikiMatch1.17beta_1

mediawikimediawikiMatch1.17.0

mediawikimediawikiMatch1.17.0rc1

mediawikimediawikiMatch1.17.1

mediawikimediawikiMatch1.17.2

Node

mediawikimediawikiMatch1.18

mediawikimediawikiMatch1.18beta_1

mediawikimediawikiMatch1.18.0

mediawikimediawikiMatch1.18.0rc1

mediawikimediawikiMatch1.18.1

CPENameOperatorVersion
mediawiki:mediawikimediawikieq1.17
mediawiki:mediawikimediawikieq1.17.0
mediawiki:mediawikimediawikieq1.17.1
mediawiki:mediawikimediawikieq1.17.2