CVE-2015-8623
Severity Score
8.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.
La función User::matchEditToken en includes/User.php en MediaWiki en versiones anteriores a 1.23.12 y 1.24.x en versiones anteriores a 1.24.5 no realiza comparación de token en tiempo constante antes de regresar, lo que permite a atacantes remotos adivinar el token de edición y eludir la protección CSRF a través de un ataque de temporización, una vulnerabilidad diferente a CVE-2015-8624.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-12-23 CVE Reserved
- 2017-03-23 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/12/21/8 | 2017-03-27 | |
| http://www.openwall.com/lists/oss-security/2015/12/23/7 | 2017-03-27 | |
| https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html | 2017-03-27 | |
| https://phabricator.wikimedia.org/T119309 | 2017-03-27 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | <= 1.23.11 Search vendor "Mediawiki" for product "Mediawiki" and version " <= 1.23.11" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.24.0 Search vendor "Mediawiki" for product "Mediawiki" and version "1.24.0" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.24.1 Search vendor "Mediawiki" for product "Mediawiki" and version "1.24.1" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.24.2 Search vendor "Mediawiki" for product "Mediawiki" and version "1.24.2" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.24.3 Search vendor "Mediawiki" for product "Mediawiki" and version "1.24.3" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.24.4 Search vendor "Mediawiki" for product "Mediawiki" and version "1.24.4" | - |
Affected
| ||||||