Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-3455

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2014-3455
Last Modified 13 May 2014 01:56:26
Published 12 May 2014 10:55:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-3455

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors.

Vulnerable Systems

Application

  • Mediawiki 1.19

  • Mediawiki 1.19.0

  • Mediawiki 1.19.1

  • Mediawiki 1.19.2

  • Mediawiki 1.19.3

  • Mediawiki 1.19.4

  • Mediawiki 1.19.5

  • Mediawiki 1.19.6

  • Mediawiki 1.19.7

  • Mediawiki 1.19.8

  • Mediawiki 1.19.9

  • Mediawiki 1.21

  • Mediawiki 1.21.1

  • Mediawiki 1.21.2

  • Mediawiki 1.21.3

  • Mediawiki 1.22.0


References

MLIST - [MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10

CONFIRM - https://bugzilla.wikimedia.org/show_bug.cgi?id=57025


Last Updated: 27 May 2016 11:05:16