CVE-2021-21275

The MediaWiki “Report” extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before the fixed version, Special:Report had no CSRF protection, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.

This repository has been archived by the owner. It is now read-only.

CSRF vulnerability for reporting revisions

Package

No package listed

Affected versions

<f828dc6

Description

Impact

Before the fixed version, Special:Report had no CSRF protection, so requests to report a revision could be forged.

Patches

The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.
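
What an edit-token check on a special page looks like in MediaWiki, as an added sketch: this is not the Report extension's code or the contents of commit f828dc6. The class name `SpecialReportSketch`, the page name `ReportSketch` and the `reason` field are hypothetical, and the class is meant to be loaded inside a MediaWiki installation.

```php
<?php
// Added illustration. Class, page and field names are hypothetical and are
// not taken from the Report extension or from commit f828dc6.
class SpecialReportSketch extends SpecialPage {
	public function __construct() {
		parent::__construct( 'ReportSketch' );
	}

	public function execute( $par ) {
		$this->setHeaders();
		$request = $this->getRequest();
		$user = $this->getUser();
		$out = $this->getOutput();
		$revId = (int)$par; // revision id passed as the subpage

		// State is changed only for a POST that carries a token bound to
		// this user's session. If the matchEditToken() condition were
		// missing, any cross-site POST sent with the user's cookies would
		// be accepted as a genuine report.
		if ( $request->wasPosted()
			&& $user->matchEditToken( $request->getVal( 'wpEditToken' ) )
		) {
			$reason = $request->getText( 'reason' );
			// Persist ( $revId, $user, $reason ) here; storage is
			// extension-specific and outside this sketch.
			$out->addWikiTextAsInterface( 'Report submitted.' );
			return;
		}

		// GET, or POST with a missing or stale token: show the form again
		// with a fresh token in a hidden field.
		$out->addHTML(
			Html::openElement( 'form', [
				'method' => 'post',
				'action' => $this->getPageTitle( (string)$revId )->getLocalURL(),
			] ) .
			Html::element( 'textarea', [ 'name' => 'reason' ] ) .
			Html::hidden( 'wpEditToken', $user->getEditToken() ) .
			Html::submitButton( 'Report', [] ) .
			Html::closeElement( 'form' )
		);
	}
}
```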

Workarounds

No workarounds are available; disable the extension or upgrade it.
