vulnerability
MediaWiki: Incorrect Authorization (CVE-2020-25869)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Sep 27, 2020 | Oct 7, 2020 | Nov 8, 2023 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Sep 27, 2020
Added
Oct 7, 2020
Modified
Nov 8, 2023
Description
An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki.
Solution(s)
mediawiki-upgrade-1_31_10mediawiki-upgrade-1_34_4
References
- CVE-2020-25869
- https://attackerkb.com/topics/CVE-2020-25869
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
- URL-https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
- URL-https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
- URL-https://phabricator.wikimedia.org/T260485
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.