Description
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.
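The defect the description names is an equality check that stops at the first mismatching byte, so the time it takes grows with the length of the correct prefix of the guess. The following added example (written here to illustrate the advisory; it is not MediaWiki code and does not reproduce the ApiBase::getWatchlistUser implementation) puts a deliberately leaky early-exit comparison beside a constant-time one. Rather than measuring wall-clock time, the leaky version returns how many bytes it examined before deciding, which is a deterministic stand-in for the timing signal; the hardened version uses Python's hmac.compare_digest, the counterpart of PHP's hash_equals(). The token value and the guesses are constructed for the demonstration.

```python
import hmac
from typing import List, Tuple


def naive_token_equal(expected: str, supplied: str) -> Tuple[bool, int]:
    """Early-exit comparison of the kind the advisory describes.

    Returns (match, bytes_examined). The second value is a proxy for the
    elapsed time: the loop leaves as soon as a byte differs, so a guess
    that shares a longer correct prefix with the real token is examined
    for longer. That difference is what a timing attack measures.
    """
    if len(expected) != len(supplied):
        return False, 0
    examined = 0
    for a, b in zip(expected.encode(), supplied.encode()):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_token_equal(expected: str, supplied: str) -> bool:
    """Hardened comparison: runtime does not depend on where the inputs differ.

    hmac.compare_digest walks the full length regardless of content,
    which is the same guarantee PHP's hash_equals() gives. Encode to
    bytes first so both sides are compared as raw byte strings.
    """
    return hmac.compare_digest(expected.encode(), supplied.encode())


def leak_profile(expected: str, guesses: List[str]) -> List[int]:
    """Bytes examined by the leaky comparison for each guess.

    For a wrong guess the count equals (matching prefix length + 1), so
    the list makes the information leak visible without any timer.
    """
    return [naive_token_equal(expected, g)[1] for g in guesses]


# Constructed sample values; a real watchlist token is a random string
# of different length, but the leak pattern is the same.
SAMPLE_TOKEN = "a1b2c3d4"
SAMPLE_GUESSES = ["zzzzzzzz", "a1zzzzzz", "a1b2c3zz", "a1b2c3d4"]


if __name__ == "__main__":
    for guess, count in zip(SAMPLE_GUESSES, leak_profile(SAMPLE_TOKEN, SAMPLE_GUESSES)):
        print(f"leaky compare examined {count} byte(s) for guess {guess!r}")
    for guess in SAMPLE_GUESSES:
        print(f"constant-time compare: {guess!r} -> {constant_time_token_equal(SAMPLE_TOKEN, guess)}")
```

The counts printed for the leaky version climb with each correctly guessed prefix character, which is exactly the signal a constant-time comparison removes; the hardened function only ever reports True or False. When reviewing PHP code for this class of bug, look for secrets compared with ==, ===, strcmp or similar and replace them with hash_equals() (PHP 5.6 and later).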
Remediation
References
Related Vulnerabilities
WordPress Plugin PlanSo Forms Cross-Site Scripting (2.6.3)
Moodle Improper Privilege Management Vulnerability (CVE-2017-7489)
MongoDb Insufficient Session Expiration Vulnerability (CVE-2019-2386)
WordPress Plugin WP Google Maps Cross-Site Request Forgery (7.11.27)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-11145)