Candidate: CVE-2010-1150
PublicDate: 2010-04-20 15:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1150
 http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
Description:
 MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly
 handle a correctly authenticated but unintended login attempt, which makes
 it easier for remote authenticated users to conduct phishing attacks by
 arranging for a victim to login to the attacker's account and then execute
 a crafted user script, related to a "login CSRF" issue.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/hardy/+source/mediawiki/+bug/557159
 https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_mediawiki:
upstream_mediawiki: released (1.15.3)
dapper_mediawiki: ignored (reached end-of-life)
hardy_mediawiki: released (1:1.11.2-2ubuntu0.5)
intrepid_mediawiki: released (1:1.12.0-2ubuntu0.5)
jaunty_mediawiki: released (1:1.13.3-1ubuntu2.2)
karmic_mediawiki: released (1:1.15.0-1.1ubuntu0.2)
devel_mediawiki: released (1:1.15.1-1ubuntu2)