CVE-2020-29004 mediawiki: Missing edit token in ApiPushBase.php facilitates CSRF attacks

Publication Date 2021-01-29
Severity Low
Type Cross-Site Request Forgery
Affected PHP Versions
Fixed Product Versions

CVE Details

The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.

Recommendations