Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block module or (2) unblock a user via a request to the Unblock module.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Hyperlink | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78911 | vdb-entry x_refsource_XF |
| http://www.openwall.com/lists/oss-security/2012/03/24/1 | mailing-list x_refsource_MLIST |
| http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html | mailing-list x_refsource_MLIST |
| http://secunia.com/advisories/48504 | third-party-advisory x_refsource_SECUNIA |
| https://bugzilla.wikimedia.org/show_bug.cgi?id=34212 | x_refsource_CONFIRM |
| http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html | mailing-list x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/03/22/9 | mailing-list x_refsource_MLIST |
| http://osvdb.org/80361 | vdb-entry x_refsource_OSVDB |
| http://www.securityfocus.com/bid/52689 | vdb-entry x_refsource_BID |
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |