CVE-2013-4306 Information

Description

Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki possibly Checkuser before 2.3 allows remote attackers to hijack the authentication of arbitrary users for requests that \perform sensitive write actions\ via unspecified vectors.

Reference

http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html http://osvdb.org/96908 http://seclists.org/oss-sec/2013/q3/553 http://www.securityfocus.com/bid/62210 https://bugzilla.wikimedia.org/show_bug.cgi?id=45019 https://exchange.xforce.ibmcloud.com/vulnerabilities/86893 https://git.wikimedia.org/commit/mediawiki2Fextensions2FCheckUser.git/99ad25d066ce6111e798427cba7f21526827f651