Description

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.

Remediation

References

CVE-2015-6728

Related Vulnerabilities

Oracle Application Server Other Vulnerability (CVE-2007-3859)

Mailman Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2021-42096)

MySQL CVE-2017-3652 Vulnerability (CVE-2017-3652)

WordPress Plugin YITH WooCommerce Compare Security Bypass (2.3.13)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8622)

Severity

High

Classification

CVE-2015-6728 CWE-352

Tags

Missing Update Known Vulnerabilities