Headline
CVE-2021-21275: Build software better, together
The MediaWiki “Report” extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.
This repository has been archived by the owner. It is now read-only.
CSRF vulnerability for reporting revisions
Package
No package listed
Affected versions
<f828dc6
Description
Impact
Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged.
Patches
The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.
Workarounds
Disable the extension or upgrade it. No workarounds.