Vulnerability Database
Blog
FAQ
Docs
GHSA-27fw-r78j-h898
Suggest an improvement
Source
https://github.com/advisories/GHSA-27fw-r78j-h898
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-27fw-r78j-h898/GHSA-27fw-r78j-h898.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-27fw-r78j-h898
Aliases
CVE-2019-12466
Published
2022-05-24T16:49:58Z
Modified
2024-05-15T22:57:16.785594Z
Severity
8.8 (High)
CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS Calculator
Summary
Wikimedia MediaWiki allows CSRF
Details
Wikimedia MediaWiki through 1.32.1 allows CSRF in logout feature.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-12466
https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12466.yaml
https://github.com/wikimedia/mediawiki
https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
https://phabricator.wikimedia.org/T25227
https://seclists.org/bugtraq/2019/Jun/12
https://www.debian.org/security/2019/dsa-4460
Affected packages
Packagist
/
mediawiki/core
Package
Name
mediawiki/core
Purl
pkg:composer/mediawiki/core
Affected ranges
Type
ECOSYSTEM
Events
Introduced
1.27.0
Fixed
1.27.6
Affected versions
1.*
1.27.0
1.27.1
1.27.2
1.27.3
1.27.4
1.27.5
Packagist
/
mediawiki/core
Package
Name
mediawiki/core
Purl
pkg:composer/mediawiki/core
Affected ranges
Type
ECOSYSTEM
Events
Introduced
1.30.0
Fixed
1.30.2
Affected versions
1.*
1.30.0
1.30.1
Packagist
/
mediawiki/core
Package
Name
mediawiki/core
Purl
pkg:composer/mediawiki/core
Affected ranges
Type
ECOSYSTEM
Events
Introduced
1.31.0
Fixed
1.31.2
Affected versions
1.*
1.31.0
1.31.1
Packagist
/
mediawiki/core
Package
Name
mediawiki/core
Purl
pkg:composer/mediawiki/core
Affected ranges
Type
ECOSYSTEM
Events
Introduced
1.32.0
Fixed
1.32.2
Affected versions
1.*
1.32.0
1.32.1
GHSA-27fw-r78j-h898 - OSV