CVE-2020-25869
HIGH7.5EPSS 0.27%Published: 3/6/2024Modified: 4/3/2025
Description
An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki.
Affected packages (1)
- Bitnami/mediawikifrom 0, < 1.31.10, >= 1.32.0, < 1.34.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (5)
- WEBhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
- WEBhttps://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
- WEBhttps://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
- WEBhttps://nvd.nist.gov/vuln/detail/CVE-2020-25869
- WEBhttps://phabricator.wikimedia.org/T260485