Push
by MediaWiki
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-29004 | 0.00 | — | 0.01 | Jan 29, 2021 | The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack. | |||
| CVE-2020-29005 | 0.00 | — | 0.01 | Jan 29, 2021 | The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure. |
- CVE-2020-29004Jan 29, 2021risk 0.00cvss —epss 0.01
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.
- CVE-2020-29005Jan 29, 2021risk 0.00cvss —epss 0.01
The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.