CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVE-2013-4304 — HIGH severity vulnerability | Release Alert
CVE-2013-4304
7.5
HIGHCVSS v2
Published
January 26, 2014
Affected
2 projects
Assigned by
Red Hat
Severity scale
010
Description
The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote attackers to bypass authentication without a password.
GitHub🌻 The collaborative editing software that runs Wikipedia. Mirror from https://gerrit.wikimedia.org/g/mediawiki/core. See https://mediawiki.org/wiki/Developer_access for contributing.