Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2015-6728 - Vulnerability Database
MediaWiki

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2015-6728

High
Reference: CVE-2015-6728
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-6728
Title: MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability
Overview:

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10 1.24.x before 1.24.3 and 1.25.x before 1.25.2 does not perform token comparison in constant time which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.