The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2020-02-06T14:40:13
Updated: 2024-08-06T16:45:15.240Z
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4572
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-02-06T15:15:10.387
Modified: 2020-02-10T19:40:09.113
Link: CVE-2013-4572
Redhat
No data.