CVE-2015-8623
HIGH severity · CVSS 8.8 · Cross-site request forgery (CSRF)
8.8CVSS HIGH
Summary
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionRequired
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)1%
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: http://www.openwall.com/lists/oss-security/2015/12/21/8 ↗
Additional information
- NVD record
- http://www.openwall.com/lists/oss-security/2015/12/21/8Patch
- http://www.openwall.com/lists/oss-security/2015/12/23/7Patch
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.htmlPatch
- https://phabricator.wikimedia.org/T119309Patch
- https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.phpAdvisory