Unrated severityNVD Advisory· Published Dec 21, 2020· Updated Aug 4, 2024

CVE-2020-35626

Description

An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. The primary form did not implement an anti-CSRF token and therefore was completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

MediaWiki/PushToWatch extensiondescription
MediaWiki/PushToWatchllm-create
osv-coords
pkg:bitnami/mediawiki
Range: < 1.35.2

Patches

Vulnerability mechanics

References

gerrit.wikimedia.org/r/q/14dc79b1f44c2a1ca6b1192284206c7b8626fb57mitrex_refsource_MISC
phabricator.wikimedia.org/T268641mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000