CVE-2013-4306

high

Description

Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors.

References

Advisories
More

http://www.securityfocus.com/bid/62210

http://seclists.org/oss-sec/2013/q3/553

https://git.wikimedia.org/commit/mediawiki%2Fextensions%2FCheckUser.git/99ad25d066ce6111e798427cba7f21526827f651

https://exchange.xforce.ibmcloud.com/vulnerabilities/86893

https://bugzilla.wikimedia.org/show_bug.cgi?id=45019

http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html

Details

Source: Mitre, NVD

Published: 2013-10-11

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00237