fkie_nvd - fkie_cve-2010-1648

fkie_cve-2010-1648

Vulnerability from fkie_nvd

Published

2010-06-08 00:30

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html	Patch, Vendor Advisory
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=23371

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la interfaz de login de MediaWiki v1.15 anterior a v1.15.4 y v1.16 anterior a v1.16 beta 3, permite a atacantes remotos secuestar la autenticaci\u00f3n de otros usuarios para peticiones que (1) crean cuentas o (2) resetean la contrase\u00f1a, relacionados con el formulario Special:Userlogin."
    }
  ],
  "id": "CVE-2010-1648",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-06-08T00:30:01.570",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23371"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2010-1648 (GCVE-0-2010-1648)

Vulnerability from cvelistv5

Published

2010-06-07 20:00