CVE-2020-29004

CVE-2020-29004 mediawiki: Missing edit token in ApiPushBase.php facilitates CSRF attacks

Publication Date	2021-01-29
Severity	Low
Type	Cross-Site Request Forgery
Affected PHP Versions
Fixed Product Versions

CVE Details

The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.

Recommendations

---