Bug 580418 (CVE-2010-1150) - CVE-2010-1150 MediaWiki v.1.15.3: Login CSRF
Summary: CVE-2010-1150 MediaWiki v.1.15.3: Login CSRF
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2010-1150
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://lists.wikimedia.org/pipermail/...
Whiteboard: impact=low,source=oss-security,report...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-04-08 08:45 UTC by Jan Lieskovsky
Modified: 2019-06-08 12:58 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-09 20:01:16 UTC


Attachments (Terms of Use)

Description Jan Lieskovsky 2010-04-08 08:45:21 UTC
MediaWiki upstream has released:
  [1] http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html

latest, v.1.15.3 version, addressing one cross-site request forgery
(CSRF) issue (from [1]):

"MediaWiki was found to be vulnerable to login CSRF. An attacker who
controls a user account on the target wiki can force the victim to log
in as the attacker, via a script on an external website. If the wiki is
configured to allow user scripts, say with "$wgAllowUserJs = true" in
LocalSettings.php, then the attacker can proceed to mount a
phishing-style attack against the victim to obtain their password."

Upstream bug report:
  [2] https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

CVE Request (and reply):
  [3] http://www.openwall.com/lists/oss-security/2010/04/07/1
  [4] http://www.openwall.com/lists/oss-security/2010/04/08/4

Comment 1 Jan Lieskovsky 2010-04-08 08:57:08 UTC
This issue has been already addressed in current versions
of mediawiki package, as shipped with Fedora release of 11
and 12. Particular builds (mediawiki-1.15.3-53.fc11 and
mediawiki-1.15.3-53.fc12) are already present in relevant
-candidate repositories for each of the above listed releases,
and once the Fedora stabilization process completes, they 
will be pushed into -stable.

Though, the EPEL-5 repository still contains mediawiki-1.14.0-45.el5,
as the latest version. 

Stephen, would it be possible to rebase the EPEL-5 version
to latest upstream v.1.15.3 version too? (as the previous
upstream release v.1.15.2 also addressed two security flaws --
CVE-2010-1189 and CVE-2010-1190).

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Comment 2 Stephen John Smoogen 2014-06-09 20:01:16 UTC
I apologize. This ticket should have been closed years ago as we moved to only having the Wikimedia Longterm Support in EPEL.


Note You need to log in before you can comment on or make changes to this bug.