CVE-2010-1648

Published: 8 June 2010

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.

Priority

Status

Package	Release	Status
mediawiki Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	hardy	Released (1:1.11.2-2ubuntu0.6)
	jaunty	Released (1:1.13.3-1ubuntu2.3)
	karmic	Released (1:1.15.0-1.1ubuntu0.3)
	lucid	Released (1:1.15.1-1ubuntu2.1)
	upstream	Released (1.15.4,1.16b3)
	Patches: upstream: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/64677

References

http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
https://www.cve.org/CVERecord?id=CVE-2010-1648
NVD
Launchpad
Debian

Bugs

https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›