Lucene search

K
cvelistMitreCVELIST:CVE-2015-8623
HistoryMar 23, 2017 - 8:00 p.m.

CVE-2015-8623

2017-03-2320:00:00
mitre
www.cve.org

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.3%

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.3%