← Back

CVE-2020-25869

nvd nist
Published: Sep 27, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki.

Affected (3)

Mediawiki
1 product
Mediawiki
Fedoraproject
1 product
Fedora
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Mediawiki
Mediawiki
Before 1.31.10
Mediawiki
From 1.32.0 to 1.34.4
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 33

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (8)

Source: cve@mitre.org
Source: cve@mitre.org
Mailing ListVendor Advisory
Source: cve@mitre.org
Mailing ListVendor Advisory
Source: cve@mitre.org
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory

Timeline

No history available yet.