Bug 620224 (CVE-2010-2787) - CVE-2010-2787 MediaWiki (< v1.15.5, v1.16.0): Private data leakage via public caching headers
Summary: CVE-2010-2787 MediaWiki (< v1.15.5, v1.16.0): Private data leakage via public...
Keywords:
Status: NEW
Alias: CVE-2010-2787
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: public=20100728,reported=20100728,sou...
Depends On: 620226
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-08-01 16:14 UTC by Jan Lieskovsky
Modified: 2019-06-08 13:03 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Jan Lieskovsky 2010-08-01 16:14:11 UTC
Tim Starling reported:
  [1] https://bugzilla.wikimedia.org/show_bug.cgi?id=24565#c0

a deficiency in the way MediaWiki processed private cache headers
for almost all API operations. Further exact flaw implications from Tim [1]:

A user's browser can be tricked into requesting private data with public
caching headers, via a CSRF-style attack on an external web page. The attacker
would cause the victim's browser to request private data with public caching
headers, then the attacker would download the same data from the intermediate
HTTP proxy, bypassing access controls.

References:
  [2] http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html

Comment 1 Jan Lieskovsky 2010-08-01 16:18:30 UTC
This issue affects the versions of the mediawiki package, as shipped
with Fedora release of 12 and 13.

Please fix.

Comment 2 Jan Lieskovsky 2010-08-01 16:23:22 UTC
Created mediawiki tracking bugs for this issue

Affects: fedora-all [bug 620226]


Note You need to log in before you can comment on or make changes to this bug.