CVE-2020-27621
 
Public Exploits: 2
Exploited in Wild: -
Descriptions
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inability to properly audit and attribute various user actions performed via the FileImporter extension.
Timeline
- 2020-10-22 CVE Reserved
- 2020-10-22 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (2)
URL | Date | SRC |
---|---|---|
https://gerrit.wikimedia.org/r/q/I24a240253c7a5c66dd493a68e8c23d95a17e1b21 | 2024-08-04 | |
https://phabricator.wikimedia.org/T265810 | 2024-08-04 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Mediawiki | Mediawiki | <= 1.35.0 | - | Affected |