CVE-2010-1150

Publication date 20 April 2010

Last updated 24 July 2024


Ubuntu priority

MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to log in to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue.

Status

Package    Ubuntu Release    Status
mediawiki  9.10 karmic       Fixed 1:1.15.0-1.1ubuntu0.2
mediawiki  9.04 jaunty       Fixed 1:1.13.3-1ubuntu2.2
mediawiki  8.10 intrepid     Fixed 1:1.12.0-2ubuntu0.5
mediawiki  8.04 LTS hardy    Fixed 1:1.11.2-2ubuntu0.5
mediawiki  6.06 LTS dapper   Ignored (end of life)