Vulnerability Description
An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Mediawiki | < 1.31.10 |
| Fedoraproject | Fedora | 33 |
Related Weaknesses (CWE)
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.htmlMailing ListVendor Advisory
- https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.htmlMailing ListVendor Advisory
- https://phabricator.wikimedia.org/T260485Permissions RequiredVendor Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.htmlMailing ListVendor Advisory
- https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.htmlMailing ListVendor Advisory
- https://phabricator.wikimedia.org/T260485Permissions RequiredVendor Advisory
FAQ
What is CVE-2020-25869?
CVE-2020-25869 is a vulnerability with a CVSS score of 7.5 (HIGH). An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki.
How severe is CVE-2020-25869?
CVE-2020-25869 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-25869?
Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mediawiki, Fedoraproject Fedora.