CVE-2012-5394 - Vulnerability Details

Vendors	Products
Mediawiki	Mediawiki

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html
http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html
https://bugzilla.wikimedia.org/show_bug.cgi?id=40747

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-10-03T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-12-13T17:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40747"}, {"name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"}, {"name": "FEDORA-2013-21856", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"}, {"name": "FEDORA-2013-21874", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5394", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40747", "refsource": "CONFIRM", "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40747"}, {"name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9", "refsource": "MLIST", "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"}, {"name": "FEDORA-2013-21856", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"}, {"name": "FEDORA-2013-21874", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:05:47.260Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40747"}, {"name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"}, {"name": "FEDORA-2013-21856", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"}, {"name": "FEDORA-2013-21874", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5394", "datePublished": "2013-12-13T18:00:00", "dateReserved": "2012-10-17T00:00:00", "dateUpdated": "2024-08-06T21:05:47.260Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2012-10-03T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2013-12-13T17:57:00 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.wikimedia.org/show_bug.cgi?id=40747 (string)

}

1 : { »

name : [MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html (string)

}

2 : { »

name : FEDORA-2013-21856 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html (string)

}

3 : { »

name : FEDORA-2013-21874 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2012-5394 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://bugzilla.wikimedia.org/show_bug.cgi?id=40747 (string)

refsource : CONFIRM (string)

url : https://bugzilla.wikimedia.org/show_bug.cgi?id=40747 (string)

}

1 : { »

name : [MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9 (string)

refsource : MLIST (string)

url : http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html (string)

}

2 : { »

name : FEDORA-2013-21856 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html (string)

}

3 : { »

name : FEDORA-2013-21874 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T21:05:47.260Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.wikimedia.org/show_bug.cgi?id=40747 (string)

}

1 : { »

name : [MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html (string)

}

2 : { »

name : FEDORA-2013-21856 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html (string)

}

3 : { »

name : FEDORA-2013-21874 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2012-5394 (string)

datePublished : 2013-12-13T18:00:00 (string)

dateReserved : 2012-10-17T00:00:00 (string)

dateUpdated : 2024-08-06T21:05:47.260Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*", "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*", "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*", "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*", "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*", "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7BDF753-A81D-46F4-BD23-84AE2C4F15EF", "versionEndIncluding": "1.19.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*", "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*", "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*", "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*", "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*", "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading."}, {"lang": "es", "value": "Vulnerabilidad de Cross-site request forgery (CSRF) en la extensi\u00f3n de MediaWiki CentralAuth antes de 1.19.9, 1.20.x anterior a  1.20.8  y 1.21.x anterior a 1.21.3 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los usuarios para las solicitudes de inicio de sesi\u00f3n que a trav\u00e9s de de vectores relacionados con la carga de im\u00e1genes."}], "id": "CVE-2012-5394", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-12-13T18:07:53.750", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"}, {"source": "cve@mitre.org", "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"}, {"source": "cve@mitre.org", "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40747"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40747"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:* (string)

matchCriteriaId : 8FA45494-185A-4ED1-8818-D9F14EB9B59B (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 59319309-D926-4353-8E0C-1FE0CB97E4D5 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:* (string)

matchCriteriaId : DA15B197-EC42-49F0-8764-E315CDA7EA03 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:* (string)

matchCriteriaId : ECD4CD3D-6022-4F75-A524-5A5247EF23AD (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 75B95AE3-6FA0-44BD-A78A-F059613B57EC (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 94646567-FF30-4FBA-96C5-914EB3C85D7F (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:* (string)

matchCriteriaId : AF088531-6875-49A2-B220-D7EC38ECC50F (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 902A7EE8-90AA-4B0D-9142-DFCDA5AC8914 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:* (string)

matchCriteriaId : 383CE1D8-7A58-4C24-8898-8C592F98EFCC (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 3DA12531-818E-4AD7-A3E7-467604775416 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 1E87AB00-90DD-4548-B23A-42673DDFD1D1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D7BDF753-A81D-46F4-BD23-84AE2C4F15EF (string)

versionEndIncluding : 1.19.8 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:* (string)

matchCriteriaId : 93D7105D-3CF1-49FF-9F51-088C58F19003 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:* (string)

matchCriteriaId : F647077F-52FD-460B-9511-85812A1447FD (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:* (string)

matchCriteriaId : BB5A8AFF-EF0E-490C-8833-FF1071563979 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:* (string)

matchCriteriaId : A7C29D44-2964-483F-B672-27B5CE471DA6 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 172FEFE5-9900-49D0-9E14-2FA4A7912D23 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:* (string)

matchCriteriaId : CA3205F5-3A29-4D45-AC95-83174F8969BB (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 5547DA02-3BEC-4278-A714-25CCB820AA79 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:* (string)

matchCriteriaId : A3E5609D-EC04-4088-9B61-ABDD256200F7 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:* (string)

matchCriteriaId : B23B09BB-8F43-4D60-A37F-D8685584AF4B (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 9A8A3F38-9A86-4346-9337-5C2A1DED37C0 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading. (string)

}

1 : { »

lang : es (string)

value : Vulnerabilidad de Cross-site request forgery (CSRF) en la extensión de MediaWiki CentralAuth antes de 1.19.9, 1.20.x anterior a 1.20.8 y 1.21.x anterior a 1.21.3 permite a atacantes remotos secuestrar la autenticación de los usuarios para las solicitudes de inicio de sesión que a través de de vectores relacionados con la carga de imágenes. (string)

}

]

id : CVE-2012-5394 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2013-12-13T18:07:53.750 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html (string)

}

2 : { »

source : cve@mitre.org (string)

url : http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html (string)

}

3 : { »

source : cve@mitre.org (string)

url : https://bugzilla.wikimedia.org/show_bug.cgi?id=40747 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://bugzilla.wikimedia.org/show_bug.cgi?id=40747 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-352 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object