VYPR

Push

by MediaWiki

CVEs (2)

  • CVE-2020-29004Jan 29, 2021
    risk 0.00cvss epss 0.01

    The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.

  • CVE-2020-29005Jan 29, 2021
    risk 0.00cvss epss 0.01

    The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.