CVE-2020-27621

Published: Oct 22, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inability to properly audit and attribute various user actions performed via the FileImporter extension.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://phabricator.wikimedia.org/T265810

x_refsource_MISC

https://gerrit.wikimedia.org/r/q/I24a240253c7a5c66dd493a68e8c23d95a17e1b21

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-27621

Description

Affected Products

References