The CentralNotice extension for MediaWiki prior to 1.19.9, 1.20.x prior to 1.20.8, and 1.21.x prior to 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote malicious users to authenticate as the created user.
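An added example (not MediaWiki or CentralNotice code) of a header audit for the condition described above: a response that sets a cookie while its Cache-Control header lets a shared cache store and replay it. The sample header values and the cookie name are constructed, and only Cache-Control is evaluated (Expires, Vary and status codes are ignored as a simplification).

```python
# Added example; sample responses below are constructed, not captured traffic.

BLOCKING = {"no-store", "private"}  # directives that forbid storage in a shared cache


def parse_cache_control(value):
    """Return {directive: argument or None} for a Cache-Control header value."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def shared_freshness(cc):
    """Explicit freshness lifetime (seconds) a shared cache would apply, or None.
    s-maxage takes precedence over max-age for shared caches."""
    for name in ("s-maxage", "max-age"):
        if name in cc:
            arg = cc[name] or ""
            return int(arg) if arg.isdigit() else 0
    return None


def classify(headers):
    """Classify one response given a dict of lower-cased header names.
    'ok'               no cookie is set, or shared caching is forbidden
    'cacheable-cookie' a shared cache may replay the Set-Cookie to other clients
    'review'           storage is not forbidden, but no positive lifetime is given
    """
    if "set-cookie" not in headers:
        return "ok"
    cc = parse_cache_control(headers.get("cache-control", ""))
    if cc.keys() & BLOCKING:
        return "ok"
    lifetime = shared_freshness(cc)
    return "cacheable-cookie" if lifetime else "review"


SAMPLES = {  # constructed header sets
    "autocreate": {"set-cookie": "examplewiki_session=PLACEHOLDER; HttpOnly",
                   "cache-control": "s-maxage=18000, must-revalidate, max-age=0"},
    "login": {"set-cookie": "examplewiki_session=PLACEHOLDER; HttpOnly",
              "cache-control": "private, must-revalidate, max-age=0"},
    "anon-page": {"cache-control": "s-maxage=18000, must-revalidate, max-age=0"},
    "no-policy": {"set-cookie": "examplewiki_session=PLACEHOLDER; HttpOnly"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:10} {classify(hdrs)}")
```

A `cacheable-cookie` or `review` verdict on any response that carries a session cookie is the finding to fix, typically by sending `private` or `no-store` on that response.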
Vulnerable Product |
---|
mediawiki mediawiki |
fedoraproject fedora 18 |
fedoraproject fedora 19 |