Description
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.
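The defect described above is a comparison that stops at the first mismatching byte, so the time it takes reveals how long a prefix of the guess was correct. The following is an added illustration, not code from MediaWiki or from this record, written in Python with function names and sample tokens that are assumptions; MediaWiki itself is PHP, where hash_equals() is the constant-time primitive to use. Each function returns how many bytes it examined so the leak can be seen without relying on noisy wall-clock measurements.

```python
import hmac
import secrets
from typing import Tuple


def naive_token_equals(expected: str, supplied: str) -> Tuple[bool, int]:
    """Early-exit comparison (the vulnerable pattern).

    Returns (equal, bytes_examined). The work done, and therefore the
    response time, grows with the length of the correctly guessed prefix.
    """
    if len(expected) != len(supplied):
        return False, 0
    for i, (a, b) in enumerate(zip(expected, supplied)):
        if a != b:
            return False, i + 1  # stops as soon as a byte differs
    return True, len(expected)


def constant_time_token_equals(expected: str, supplied: str) -> Tuple[bool, int]:
    """Hand-rolled constant-time comparison for illustration.

    Every byte is examined and the mismatches are OR-ed together, so the
    amount of work is the same whether the guess fails at byte 1 or byte 31.
    """
    if len(expected) != len(supplied):
        return False, 0  # tokens are fixed-length, so length is not secret
    diff = 0
    for a, b in zip(expected.encode(), supplied.encode()):
        diff |= a ^ b
    return diff == 0, len(expected)


def check_watchlist_token(stored: str, supplied: str) -> bool:
    """What a hardened check should do: use the library primitive.

    hmac.compare_digest is the Python equivalent of PHP's hash_equals().
    """
    return hmac.compare_digest(stored.encode(), supplied.encode())


if __name__ == "__main__":
    # Constructed sample: a 32-hex-character token like a watchlist token.
    token = secrets.token_hex(16)
    good_prefix = token[:8] + "0" * 24   # first 8 chars right, rest wrong
    no_prefix = "g" * 32                 # wrong from the first byte
    print("naive, 8-char prefix:", naive_token_equals(token, good_prefix))
    print("naive, no prefix:    ", naive_token_equals(token, no_prefix))
    print("const, 8-char prefix:", constant_time_token_equals(token, good_prefix))
    print("const, no prefix:    ", constant_time_token_equals(token, no_prefix))
    print("library check:       ", check_watchlist_token(token, token))
```

Running the script shows the naive version examining 9 bytes for the partially correct guess and 1 byte for the wrong one, while the constant-time version examines all 32 in both cases. In production code, prefer the library primitive (hmac.compare_digest, hash_equals) over a hand-rolled loop, since compilers and interpreters can otherwise optimise the loop back into an early exit.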
Remediation
References
Related Vulnerabilities
WordPress Plugin PopCash.Net Code Integration Tool Cross-Site Scripting (1.0)
Joomla Session Fixation Vulnerability (CVE-2010-1434)
WordPress Plugin Walk Score Multiple Cross-Site Scripting Vulnerabilities (0.5.5)
Sqlite Use After Free Vulnerability (CVE-2020-13871)
WordPress Plugin Connections Business Directory Cross-Site Scripting (10.4.2)