CVE-2012-1580
Published: 9 September 2012
Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files.
Notes
Author | Note |
---|---|
micahg | Debian maintainer said 1.15 isn't affected, see 1:1.15.5-9 changelog |
Priority
Status
Package | Release | Status |
---|---|---|
mediawiki Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
(1.15.x)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Not vulnerable
(1.15.x)
|
|
oneiric |
Not vulnerable
(1.15.x)
|
|
precise |
Not vulnerable
(1.15.x)
|
|
quantal |
Not vulnerable
(1.15.x)
|
|
raring |
Not vulnerable
(1.15.x)
|
|
upstream |
Needs triage
|