N/A

The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inability to properly audit and attribute various user actions performed via the FileImporter extension.

N/A

N/A

MediaWiki 安全漏洞

MediaWiki是美国MediaWiki（维基媒体）基金会的一套自由免费的基于网络的Wiki引擎。该产品可用于部署内部的知识管理和内容管理系统。 MediaWiki Cosmos Skin 1.35.0版本存在安全漏洞，该漏洞源于文件导入器扩展没有正确地将各种用户操作归因到特定用户的IP地址。对于各种操作，它会通过省略x-forward-for数据来报告内部Wikimedia Foundation服务器的IP地址。这导致无法正确地审计和属性通过FileImporter扩展执行的各种用户操作。

N/A

N/A