PT-2020-16728 · Mediawiki

Risker · Published 2020-10-22 · Updated 2024-03-06 · CVE-2020-27621

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

MediaWiki versions prior to 1.35.0

Description

The issue concerns the FileImporter extension, which failed to properly attribute user actions to a specific user's IP address. Because it omitted X-Forwarded-For data, it reported the IP address of an internal server instead, resulting in an inability to properly audit and attribute user actions performed via the FileImporter extension.

Recommendations

For versions prior to 1.35.0, update to version 1.35.0 or later to resolve the issue.

Related Identifiers

ALT-PU-2020-3554
ALT-PU-2020-3568
BIT-MEDIAWIKI-2020-27621
CVE-2020-27621

Affected Products

Alt Linux
Mediawiki