{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-10-03T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-12-13T17:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40747"}, {"name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"}, {"name": "FEDORA-2013-21856", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"}, {"name": "FEDORA-2013-21874", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5394", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40747", "refsource": "CONFIRM", "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40747"}, {"name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9", "refsource": "MLIST", "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"}, {"name": "FEDORA-2013-21856", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"}, {"name": "FEDORA-2013-21874", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5394", "datePublished": "2013-12-13T18:00:00", "dateReserved": "2012-10-17T00:00:00", "dateUpdated": "2013-12-13T17:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*", "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*", "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*", "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*", "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*", "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7BDF753-A81D-46F4-BD23-84AE2C4F15EF", "versionEndIncluding": "1.19.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*", "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*", "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*", "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*", "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*", "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading."}, {"lang": "es", "value": "Vulnerabilidad de Cross-site request forgery (CSRF) en la extensi\u00f3n de MediaWiki CentralAuth antes de 1.19.9, 1.20.x anterior a 1.20.8 y 1.21.x anterior a 1.21.3 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los usuarios para las solicitudes de inicio de sesi\u00f3n que a trav\u00e9s de de vectores relacionados con la carga de im\u00e1genes."}], "id": "CVE-2012-5394", "lastModified": "2013-12-16T15:24:47.617", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-12-13T18:07:53.750", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"}, {"source": "cve@mitre.org", "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"}, {"source": "cve@mitre.org", "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40747"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}