CVE-2015-2940

medium

Description

Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors.

References

http://www.mandriva.com/security/advisories?name=MDVSA-2015:200

http://www.openwall.com/lists/oss-security/2015/04/01/1

http://www.openwall.com/lists/oss-security/2015/04/07/3

http://www.securityfocus.com/bid/73477

https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html

https://phabricator.wikimedia.org/T85858

https://security.gentoo.org/glsa/201510-05

Details

Source: MITRE

Published: 2015-04-13

Updated: 2016-12-07

Type: CWE-352

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM