vulnerability
MediaWiki: Cross-Site Request Forgery (CSRF) (CVE-2020-29004)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Jan 29, 2021 | Feb 5, 2021 | Feb 5, 2021 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Jan 29, 2021
Added
Feb 5, 2021
Modified
Feb 5, 2021
Description
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.
Solution
mediawiki-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.