CVE-2012-1580

2012-09-0921:55:06

CWE-352

[email protected]

web.nvd.nist.gov

cve-2012-1580

csrf

vulnerability

mediawiki

special:upload

nvd

security

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.9%

JSON

Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files.

Affected configurations

NVD

Node

mediawikimediawikiMatch1.17

mediawikimediawikiMatch1.17beta_1

mediawikimediawikiMatch1.17.0

mediawikimediawikiMatch1.17.0rc1

mediawikimediawikiMatch1.17.1

mediawikimediawikiMatch1.17.2

Node

mediawikimediawikiMatch1.18

mediawikimediawikiMatch1.18beta_1

mediawikimediawikiMatch1.18.0

mediawikimediawikiMatch1.18.0rc1

mediawikimediawikiMatch1.18.1

CPENameOperatorVersion
mediawiki:mediawikimediawikieq1.17
mediawiki:mediawikimediawikieq1.17.0
mediawiki:mediawikimediawikieq1.17.1
mediawiki:mediawikimediawikieq1.17.2