Unrated severityNVD Advisory· Published Jan 29, 2021· Updated Aug 4, 2024
CVE-2020-29004
CVE-2020-29004
Description
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- MediaWiki/Push extensiondescription
Patches
Vulnerability mechanics
References
3- gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988mitrex_refsource_MISC
- gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988/10/src/api/ApiPushBase.phpmitrex_refsource_CONFIRM
- phabricator.wikimedia.org/T262724mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.