User: Password:
Subscribe / Log in / New account

mediawiki: cross-site request forgery

Package(s):mediawiki CVE #(s):CVE-2014-2665
Created:April 3, 2014 Updated:May 9, 2014
Description: From the Mageia advisory:

Login CSRF issue in MediaWiki before 1.22.5 in Special:ChangePassword, whereby a user can be logged into an attackers account without being aware of it, allowing the attacker to track the user's activity (CVE-2014-2665).

Gentoo 201502-04 mediawiki 2015-02-07
Mandriva MDVSA-2014:083 mediawiki 2014-05-08
Fedora FEDORA-2014-4511 mediawiki 2014-04-09
Fedora FEDORA-2014-4478 mediawiki 2014-04-09
Debian DSA-2891-3 mediawiki 2014-04-04
Mageia MGASA-2014-0157 mediawiki 2014-04-03

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds