Push extension
by MediaWiki
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-29004 | Hig | 0.57 | 8.8 | 0.01 | Jan 29, 2021 | The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack. | ||
| CVE-2020-29005 | Hig | 0.49 | 7.5 | 0.01 | Jan 29, 2021 | The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure. |
- risk 0.57cvss 8.8epss 0.01
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.
- risk 0.49cvss 7.5epss 0.01
The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.