CVE-2014-3455: CSRF
First published: Mon May 12 2014(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MediaWiki | =1.22.0 | |
| MediaWiki | <=1.19.9 | |
| MediaWiki | =1.19 | |
| MediaWiki | =1.19-beta_1 | |
| MediaWiki | =1.19-beta_2 | |
| MediaWiki | =1.19.0 | |
| MediaWiki | =1.19.1 | |
| MediaWiki | =1.19.2 | |
| MediaWiki | =1.19.3 | |
| MediaWiki | =1.19.4 | |
| MediaWiki | =1.19.5 | |
| MediaWiki | =1.19.6 | |
| MediaWiki | =1.19.7 | |
| MediaWiki | =1.19.8 | |
| MediaWiki | =1.21 | |
| MediaWiki | =1.21.1 | |
| MediaWiki | =1.21.2 | |
| MediaWiki | =1.21.3 | |
| =1.22.0 | ||
| <=1.19.9 | ||
| =1.19 | ||
| =1.19-beta_1 | ||
| =1.19-beta_2 | ||
| =1.19.0 | ||
| =1.19.1 | ||
| =1.19.2 | ||
| =1.19.3 | ||
| =1.19.4 | ||
| =1.19.5 | ||
| =1.19.6 | ||
| =1.19.7 | ||
| =1.19.8 | ||
| =1.21 | ||
| =1.21.1 | ||
| =1.21.2 | ||
| =1.21.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-3455?
CVE-2014-3455 is categorized as a moderate severity vulnerability due to various cross-site request forgery (CSRF) risks.
How do I fix CVE-2014-3455?
To mitigate CVE-2014-3455, upgrade to MediaWiki versions 1.19.10, 1.21.4, or 1.22.1 and apply the related patches.
What are the affected versions for CVE-2014-3455?
CVE-2014-3455 affects MediaWiki versions before 1.19.10, versions in the 1.2x series before 1.21.4, and all versions in the 1.22.x series before 1.22.1.
What types of attacks can CVE-2014-3455 enable?
CVE-2014-3455 can enable remote attackers to perform actions on behalf of authenticated users through cross-site request forgery.
Is there a workaround for CVE-2014-3455?
While updating is the best solution, temporarily disabling the affected special pages may help mitigate the risks associated with CVE-2014-3455.
- agent/references
- agent/type
- agent/severity
- agent/author
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/weakness
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/mediawiki
- canonical/mediawiki
- version/mediawiki/1.22.0
- version/mediawiki/1.19.9
- version/mediawiki/1.19
- version/mediawiki/1.19-beta_1
- version/mediawiki/1.19-beta_2
- version/mediawiki/1.19.0
- version/mediawiki/1.19.1
- version/mediawiki/1.19.2
- version/mediawiki/1.19.3
- version/mediawiki/1.19.4
- version/mediawiki/1.19.5
- version/mediawiki/1.19.6
- version/mediawiki/1.19.7
- version/mediawiki/1.19.8
- version/mediawiki/1.21
- version/mediawiki/1.21.1
- version/mediawiki/1.21.2
- version/mediawiki/1.21.3