includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attackers account, as demonstrated by tracking the victims activity, related to a login CSRF issue.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mediawiki | Mediawiki | * | 1.19.13 (including) |
| Mediawiki | Mediawiki | 1.19 (including) | 1.19 (including) |
| Mediawiki | Mediawiki | 1.19-beta_1 (including) | 1.19-beta_1 (including) |
| Mediawiki | Mediawiki | 1.19-beta_2 (including) | 1.19-beta_2 (including) |
| Mediawiki | Mediawiki | 1.19.0 (including) | 1.19.0 (including) |
| Mediawiki | Mediawiki | 1.19.1 (including) | 1.19.1 (including) |
| Mediawiki | Mediawiki | 1.19.2 (including) | 1.19.2 (including) |
| Mediawiki | Mediawiki | 1.19.3 (including) | 1.19.3 (including) |
| Mediawiki | Mediawiki | 1.19.4 (including) | 1.19.4 (including) |
| Mediawiki | Mediawiki | 1.19.5 (including) | 1.19.5 (including) |
| Mediawiki | Mediawiki | 1.19.6 (including) | 1.19.6 (including) |
| Mediawiki | Mediawiki | 1.19.7 (including) | 1.19.7 (including) |
| Mediawiki | Mediawiki | 1.19.8 (including) | 1.19.8 (including) |
| Mediawiki | Mediawiki | 1.19.9 (including) | 1.19.9 (including) |
| Mediawiki | Mediawiki | 1.19.10 (including) | 1.19.10 (including) |
| Mediawiki | Mediawiki | 1.19.11 (including) | 1.19.11 (including) |
| Mediawiki | Mediawiki | 1.19.12 (including) | 1.19.12 (including) |
| Mediawiki | Mediawiki | 1.20 (including) | 1.20 (including) |
| Mediawiki | Mediawiki | 1.20.1 (including) | 1.20.1 (including) |
| Mediawiki | Mediawiki | 1.20.2 (including) | 1.20.2 (including) |
| Mediawiki | Mediawiki | 1.20.3 (including) | 1.20.3 (including) |
| Mediawiki | Mediawiki | 1.20.4 (including) | 1.20.4 (including) |
| Mediawiki | Mediawiki | 1.20.5 (including) | 1.20.5 (including) |
| Mediawiki | Mediawiki | 1.20.6 (including) | 1.20.6 (including) |
| Mediawiki | Mediawiki | 1.20.7 (including) | 1.20.7 (including) |
| Mediawiki | Mediawiki | 1.20.8 (including) | 1.20.8 (including) |
| Mediawiki | Mediawiki | 1.21 (including) | 1.21 (including) |
| Mediawiki | Mediawiki | 1.21.1 (including) | 1.21.1 (including) |
| Mediawiki | Mediawiki | 1.21.2 (including) | 1.21.2 (including) |
| Mediawiki | Mediawiki | 1.21.3 (including) | 1.21.3 (including) |
| Mediawiki | Mediawiki | 1.21.4 (including) | 1.21.4 (including) |
| Mediawiki | Mediawiki | 1.21.5 (including) | 1.21.5 (including) |
| Mediawiki | Mediawiki | 1.21.6 (including) | 1.21.6 (including) |
| Mediawiki | Mediawiki | 1.21.7 (including) | 1.21.7 (including) |
| Mediawiki | Mediawiki | 1.22.0 (including) | 1.22.0 (including) |
| Mediawiki | Mediawiki | 1.22.1 (including) | 1.22.1 (including) |
| Mediawiki | Mediawiki | 1.22.2 (including) | 1.22.2 (including) |
| Mediawiki | Mediawiki | 1.22.3 (including) | 1.22.3 (including) |
| Mediawiki | Mediawiki | 1.22.4 (including) | 1.22.4 (including) |
| Mediawiki | Ubuntu | lucid | * |
| Mediawiki | Ubuntu | precise | * |
| Mediawiki | Ubuntu | quantal | * |
| Mediawiki | Ubuntu | saucy | * |
| Mediawiki | Ubuntu | upstream | * |