CVE-2020-29004

CVE-2020-29004 mediawiki: Missing edit token in ApiPushBase.php facilitates CSRF attacks

Publication Date2021-01-29
SeverityLow
TypeCross-Site Request Forgery
Affected PHP Versions
    Fixed Product Versions

      CVE Details

      The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.

      Recommendations