The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-02-06T14:40:13

Updated: 2024-08-06T16:45:15.240Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4572

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2020-02-06T15:15:10.387

Modified: 2020-02-10T19:40:09.113

Link: CVE-2013-4572

cve-icon Redhat

No data.