Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the “Mark all pages visited” on the watchlist does not require a CSRF token.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | mediawiki | < 1:1.27.2-1 | mediawiki_1:1.27.2-1_all.deb |
Debian | 11 | all | mediawiki | < 1:1.27.2-1 | mediawiki_1:1.27.2-1_all.deb |
Debian | 10 | all | mediawiki | < 1:1.27.2-1 | mediawiki_1:1.27.2-1_all.deb |
Debian | 999 | all | mediawiki | < 1:1.27.2-1 | mediawiki_1:1.27.2-1_all.deb |
Debian | 13 | all | mediawiki | < 1:1.27.2-1 | mediawiki_1:1.27.2-1_all.deb |