CVE-2020-29004
The CVE-2020-29004 issue affects MediaWiki’s Push extension (up to v1.35). Root cause: ApiPushBase.php did not require an edit token, enabling CSRF attacks. Impact: Cross-site request forgery affecting operations through the Push API. Connected sources note the fix involves enforcing an edit toke...