vulnerability
MediaWiki: CVE-2020-25869: Incorrect Authorization
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Sep 27, 2020 | Oct 7, 2020 | May 6, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Sep 27, 2020
Added
Oct 7, 2020
Modified
May 6, 2026
Description
An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki.
Solution
mediawiki-upgrade-latest
References
- CVE-2020-25869
- https://attackerkb.com/topics/CVE-2020-25869
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
- https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
- https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
- https://phabricator.wikimedia.org/T260485
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-18501
- CWE-863
- EUVD-EUVD-2020-18501
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.