CVE-2020-25869
HIGH
MediaWiki < 1.31.10 and 1.32.x-1.34.x < 1.34.4 - Information Leak via Actor ID Handling
Title source: llm
Description
An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki.
References (4)
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://phabricator.wikimedia.org/T260485
Mailing List, Vendor Advisory x_refsource_confirm
https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
Mailing List, Vendor Advisory x_refsource_misc
https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
Scores
CVSS v3: 7.5
EPSS: 0.0027
EPSS Percentile: 50.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-863
Status: published
Products (2)
fedoraproject/fedora: 33
mediawiki/mediawiki: < 1.31.10
Published: Sep 27, 2020
Tracked Since: Feb 18, 2026