CVE-2015-6728

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2015/08/12/6
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
http://www.openwall.com/lists/oss-security/2015/08/27/6
http://www.securityfocus.com/bid/76334
https://security.gentoo.org/glsa/201510-05

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mediawiki:mediawiki:1.24.1:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.24.2:::::::*
	cpe:2.3:a:mediawiki:mediawiki::::::::
	cpe:2.3:a:mediawiki:mediawiki:1.24.0:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.25.1:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.25.0:::::::*

Information

Published : 2015-09-01 07:59

Updated : 2016-12-07 10:21

NVD link : CVE-2015-6728

Mitre link : CVE-2015-6728

JSON object : View

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

Products Affected

mediawiki

mediawiki

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2015/08/12/6", "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10", "tags": [], "refsource": "MLIST"}, {"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html", "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10", "tags": ["Vendor Advisory"], "refsource": "MLIST"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html", "name": "FEDORA-2015-13920", "tags": [], "refsource": "FEDORA"}, {"url": "http://www.openwall.com/lists/oss-security/2015/08/27/6", "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10", "tags": [], "refsource": "MLIST"}, {"url": "http://www.securityfocus.com/bid/76334", "name": "76334", "tags": [], "refsource": "BID"}, {"url": "https://security.gentoo.org/glsa/201510-05", "name": "GLSA-201510-05", "tags": [], "refsource": "GENTOO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-352"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-6728", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-09-01T14:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.23.9"}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-12-07T18:21Z"}