Candidate: CVE-2013-4302
PublicDate: 2013-10-27 00:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4302
 https://bugzilla.wikimedia.org/show_bug.cgi?id=49090
Description:
 (1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the cross-site request forgery (CSRF) protection mechanism via a JSONP request to wiki/api.php.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_mediawiki:
upstream_mediawiki: released (1:1.19.8+dfsg-1)
lucid_mediawiki: ignored (reached end-of-life)
precise_mediawiki: ignored (reached end-of-life)
precise/esm_mediawiki: DNE (precise was needed)
quantal_mediawiki: ignored (reached end-of-life)
raring_mediawiki: ignored (reached end-of-life)
saucy_mediawiki: ignored (reached end-of-life)
trusty_mediawiki: not-affected (1:1.19.14+dfsg-1)
trusty/esm_mediawiki: DNE (trusty was not-affected [1:1.19.14+dfsg-1])
utopic_mediawiki: ignored (reached end-of-life)
vivid_mediawiki: ignored (reached end-of-life)
vivid/stable-phone-overlay_mediawiki: DNE
vivid/ubuntu-core_mediawiki: DNE
wily_mediawiki: ignored (reached end-of-life)
xenial_mediawiki: DNE
yakkety_mediawiki: ignored (reached end-of-life)
zesty_mediawiki: ignored (reached end-of-life)
artful_mediawiki: ignored (reached end-of-life)
bionic_mediawiki: not-affected (1:1.27.4-3)
devel_mediawiki: not-affected (1:1.30.0-1)