CVE-2013-4572
HIGH7.5EPSS 1.3%Published: 2/6/2020Modified: 4/28/2026
Also known as:DEBIAN-CVE-2013-4572
Description
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.
Affected packages (1)
- Debian/mediawikifrom 0, < 1:1.19.8+dfsg-2.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |