CVE-2025-23073
API list=globalblocks can reveal IP of autoblock if username and IP are included in the bgtargets parameter
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data.
This issue briefly impacted the master branch of MediaWiki’s GlobalBlocking Extension.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Produtos afetados
Wikimedia Foundation · Mediawiki - GlobalBlocking ExtensionQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →