CVE-2020-29004

The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.
Configurations

Configuration 1

cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*

Information

Published : 2021-01-29 07:15

Updated : 2021-02-03 06:31


NVD link : CVE-2020-29004

Mitre link : CVE-2020-29004

Products Affected
No products.
CWE