Description
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2019-2888 Vulnerability (CVE-2019-2888)
WordPress Plugin HyperComments Arbitrary File Deletion (1.2.2)
Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2019-15226)
Moodle Cryptographic Issues Vulnerability (CVE-2011-4303)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1240)