This repository was archived by the owner on May 25, 2021. It is now read-only.

CSRF vulnerability for reporting revisions

Low
Kenny2github published GHSA-9f3w-c334-jm2h Jan 21, 2021

Package

No package listed

Affected versions

<f828dc6

Patched versions

f828dc6

Description

Impact

Before the fixed version, Special:Report had no CSRF protection, so requests to report a revision could be forged.

Patches

The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.
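
As an added illustration (not the extension's code, and not taken from commit f828dc6), the sketch below shows the general edit-token pattern for a state-changing special page. It assumes it runs inside a MediaWiki installation; the class name `SpecialReportExample`, the form fields `revid`, `reason` and `token`, the `saveReport` helper and the log channel are hypothetical, while `getEditToken()` and `matchEditToken()` are the core `User` methods.

```php
<?php
// Added illustration only: a hypothetical special page, not the extension's code.
// Runs inside MediaWiki (SpecialPage, Html and User are provided by core).
class SpecialReportExample extends SpecialPage {
	public function __construct() {
		parent::__construct( 'ReportExample' );
	}

	public function execute( $par ) {
		$this->setHeaders();
		$request = $this->getRequest();
		$user = $this->getUser();
		$out = $this->getOutput();
		$revId = $request->getInt( 'revid', (int)$par );

		if ( !$request->wasPosted() ) {
			// GET only renders the form; it never changes state.
			$out->addHTML(
				Html::openElement( 'form', [
					'method' => 'post',
					'action' => $this->getPageTitle()->getLocalURL(),
				] ) .
				Html::hidden( 'revid', $revId ) .
				Html::textarea( 'reason' ) .
				// Session-bound value that a page on another origin cannot read.
				Html::hidden( 'token', $user->getEditToken() ) .
				Html::submitButton( 'Report' ) .
				Html::closeElement( 'form' )
			);
			return;
		}

		// Without this check the POST is accepted on the session cookie alone,
		// which is the missing protection the advisory describes.
		if ( !$user->matchEditToken( $request->getVal( 'token' ) ) ) {
			$out->addWikiMsg( 'sessionfailure' );
			return;
		}

		$this->saveReport( $revId, $request->getText( 'reason' ) );
		$out->addHTML( Html::element( 'p', [], 'Report submitted.' ) );
	}

	private function saveReport( $revId, $reason ) {
		// Stand-in for the real storage step (assumption); logs metadata only.
		wfDebugLog( 'report-example', "rev $revId reported, reason length " . strlen( $reason ) );
	}
}
```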

Workarounds

Disable the extension or upgrade it. No workarounds.

Severity

Low

CVE ID

CVE-2021-21275

Weaknesses

No CWEs

Credits