Description

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.

Remediation

References

CVE-2015-6728

Related Vulnerabilities

MySQL CVE-2017-3317 Vulnerability (CVE-2017-3317)

Piwigo CVE-2014-4648 Vulnerability (CVE-2014-4648)

SharePoint CVE-2024-49065 Vulnerability (CVE-2024-49065)

phpMyAdmin 7PK - Security Features Vulnerability (CVE-2016-6624)

Oracle JRE CVE-2024-21217 Vulnerability (CVE-2024-21217)

Severity

High

Classification

CVE-2015-6728 CWE-352

Tags

Missing Update Known Vulnerabilities