Bug 620224 (CVE-2010-2787)

Summary: CVE-2010-2787 MediaWiki (< v1.15.5, v1.16.0): Private data leakage via public caching headers
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: Axel.Thimm
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-19 09:12:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 620226    
Bug Blocks:    

Description Jan Lieskovsky 2010-08-01 16:14:11 UTC 
Tim Starling reported:
  [1] https://bugzilla.wikimedia.org/show_bug.cgi?id=24565#c0

a deficiency in the way MediaWiki processed private cache headers
for almost all API operations. Further exact flaw implications from Tim [1]:

A user's browser can be tricked into requesting private data with public
caching headers, via a CSRF-style attack on an external web page. The attacker
would cause the victim's browser to request private data with public caching
headers, then the attacker would download the same data from the intermediate
HTTP proxy, bypassing access controls.

References:
  [2] http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
Comment 1 Jan Lieskovsky 2010-08-01 16:18:30 UTC 
This issue affects the versions of the mediawiki package, as shipped
with Fedora release of 12 and 13.

Please fix.
Comment 2 Jan Lieskovsky 2010-08-01 16:23:22 UTC 
Created mediawiki tracking bugs for this issue

Affects: fedora-all [bug 620226]