MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2020-29004 - Vulnerability Database

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2020-29004

High

Reference: CVE-2020-29004

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-29004

Title: MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability

Overview:

The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.