Lucene search

K
cvelistRedhatCVELIST:CVE-2013-4572
HistoryFeb 06, 2020 - 2:40 p.m.

CVE-2013-4572

2020-02-0614:40:13
redhat
www.cve.org

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.8%

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.

CNA Affected

[
  {
    "product": "MediaWiki",
    "vendor": "Wikimedia Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "before 1.19.9"
      },
      {
        "status": "affected",
        "version": "1.20.x before 1.20.8"
      },
      {
        "status": "affected",
        "version": "1.21.x before 1.21.3"
      }
    ]
  }
]

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.8%