CVE-2015-6728 - OpenCVE

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Mediawiki	Mediawiki

Configuration 1 [-]

OR	cpe:2.3:a:mediawiki:mediawiki::::::::
	cpe:2.3:a:mediawiki:mediawiki:1.24.0:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.24.1:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.24.2:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.25.0:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.25.1:::::::*

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
http://www.openwall.com/lists/oss-security/2015/08/12/6
http://www.openwall.com/lists/oss-security/2015/08/27/6
http://www.securityfocus.com/bid/76334
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
https://security.gentoo.org/glsa/201510-05

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2015-09-01T14:00:00

Updated: 2016-12-05T21:57:02

Reserved: 2015-08-27T00:00:00

Link: CVE-2015-6728

JSON object: View

NVD Information

Status : Modified

Published: 2015-09-01T14:59:06.197

Modified: 2016-12-07T18:21:13.750

Link: CVE-2015-6728

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-08-10T00:00:00", "descriptions": [{"lang": "en", "value": "The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T21:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201510-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201510-05"}, {"name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"}, {"name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"}, {"name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"}, {"name": "FEDORA-2015-13920", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"}, {"name": "76334", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76334"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6728", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201510-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201510-05"}, {"name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"}, {"name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"}, {"name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10", "refsource": "MLIST", "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"}, {"name": "FEDORA-2015-13920", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"}, {"name": "76334", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76334"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-6728", "datePublished": "2015-09-01T14:00:00", "dateReserved": "2015-08-27T00:00:00", "dateUpdated": "2016-12-05T21:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "05064578-51CC-482B-A135-42522AA50F0A", "versionEndIncluding": "1.23.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*", "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*", "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*", "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack."}, {"lang": "es", "value": "Vulnerabilidad en la funci\u00f3n ApiBase::getWatchlistUser en MediaWiki en versiones anteriores 1.23.10, 1.24.x en versiones anteriores 1.24.3 y 1.25.x en versiones anteriores a 1.25.2, no realiza el token de comparaci\u00f3n en tiempo constante, lo que permite a atacantes remotos adivinar el token de lista de observaci\u00f3n y evadir la protecci\u00f3n CSRF a trav\u00e9s de un ataque de oportunidad."}], "id": "CVE-2015-6728", "lastModified": "2016-12-07T18:21:13.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-09-01T14:59:06.197", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/76334"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201510-05"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}