CVE-2013-4302

CVSS v2.0 5 (Medium)
EPSS 0.77% (82nd)
Affected Products 1
Advisories 5

(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the cross-site request forgery (CSRF) protection mechanism via a JSONP request to wiki/api.php.

Weaknesses
CWE-264
Permissions, Privileges, and Access Controls
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2013-10-27 00:55:03
(11 years ago)
Updated Date
2017-08-29 01:33:36
(7 years ago)

Affected Products


Configuration #1

  Product CPE23 From Up To
  Mediawiki 1.19.0 cpe:2.3:a:mediawiki:mediawiki:1.19.0
  Mediawiki 1.19.1 cpe:2.3:a:mediawiki:mediawiki:1.19.1
  Mediawiki 1.19.2 cpe:2.3:a:mediawiki:mediawiki:1.19.2
  Mediawiki 1.19.3 cpe:2.3:a:mediawiki:mediawiki:1.19.3
  Mediawiki 1.19.4 cpe:2.3:a:mediawiki:mediawiki:1.19.4
  Mediawiki 1.19.5 cpe:2.3:a:mediawiki:mediawiki:1.19.5
  Mediawiki 1.19.6 cpe:2.3:a:mediawiki:mediawiki:1.19.6
  Mediawiki 1.19.7 cpe:2.3:a:mediawiki:mediawiki:1.19.7
  Mediawiki 1.20 cpe:2.3:a:mediawiki:mediawiki:1.20
  Mediawiki 1.20.1 cpe:2.3:a:mediawiki:mediawiki:1.20.1
  Mediawiki 1.20.2 cpe:2.3:a:mediawiki:mediawiki:1.20.2
  Mediawiki 1.20.3 cpe:2.3:a:mediawiki:mediawiki:1.20.3
  Mediawiki 1.20.4 cpe:2.3:a:mediawiki:mediawiki:1.20.4
  Mediawiki 1.20.5 cpe:2.3:a:mediawiki:mediawiki:1.20.5
  Mediawiki 1.20.6 cpe:2.3:a:mediawiki:mediawiki:1.20.6
  Mediawiki 1.21 cpe:2.3:a:mediawiki:mediawiki:1.21
  Mediawiki 1.21.1 cpe:2.3:a:mediawiki:mediawiki:1.21.1