EUVD-2020-21387

Malware in sbrugna...

EUVD-2020-21386

Malware in sbrugna...

BIT-MEDIAWIKI-2020-29004

The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack...

BIT-MEDIAWIKI-2020-29005

The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure...

MediaWiki Cross-Site Request Forgery Vulnerability (CNVD-2021-09325)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A cross-site request forgery vulnerability exists in MediaWiki 1.35 and earlier versions, which stems from...

MediaWiki Information Disclosure Vulnerability (CNVD-2021-09324)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An information disclosure vulnerability exists in the Push extension for MediaWiki 1.35 and prior versions...

CVE-2020-29004

The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack...

CVE-2020-29005

The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure...

CVE-2020-29004

The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack...

CVE-2020-29005

The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure...

Information disclosure

The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure...

Cross site request forgery (csrf)

The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack...

CVE-2020-29004

The CVE-2020-29004 issue affects MediaWiki’s Push extension (up to v1.35). Root cause: ApiPushBase.php did not require an edit token, enabling CSRF attacks. Impact: Cross-site request forgery affecting operations through the Push API. Connected sources note the fix involves enforcing an edit toke...

CVE-2020-29004

The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack...

CVE-2020-29005

The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure...

CVE-2020-29005

CVE-2020-29005 concerns the MediaWiki Push extension up to version 1.35, where the ApiPush credentials were transmitted in cleartext, enabling potential information disclosure. Affected component: Push extension API in MediaWiki. Root cause: credentials for ApiPush exposed via plaintext communica...

MediaWiki 跨站请求伪造漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A cross-site request forgery vulnerability exists in MediaWiki 1.35 and earlier versions, which stems from...

MediaWiki 信息泄露漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An information disclosure vulnerability exists in the Push extension for MediaWiki 1.35 and prior versions...

PT-2021-11621 · Mediawiki +1 · Mediawiki Push Extension +1

Name of the Vulnerable Software and Affected Versions: MediaWiki Push extension versions through 1.35 Description: The issue concerns a lack of required edit token in the API of the Push extension for MediaWiki, specifically in ApiPushBase.php. This omission facilitates a CSRF attack...

PT-2021-11622 · Mediawiki +1 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35 Description: The issue concerns the API in the Push extension for MediaWiki, which used cleartext for ApiPush credentials. This could potentially lead to information disclosure. Recommendations: For MediaWiki...