Last modified: 2013-09-05 17:03:14 UTC
Doesn't leak information, but could be used to have the user perform sensitive write actions unknowingly if I understand correctly.
Created attachment 11962 [details] Add token requirement to Checkuser API
Created attachment 12745 [details] Add token requirement to Checkuser API
Tested and working well so far. I'll deploy this and we'll release it with 1.21.2.
Deployed 18:37 logmsgbot: csteipp synchronized php-1.22wmf13/extensions/CheckUser 18:36 logmsgbot: csteipp synchronized php-1.22wmf14/extensions/CheckUser
This was assigned CVE-2013-4306