Description

The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

Remediation

References

CVE-2015-8008

Related Vulnerabilities

Roundcube Resource Management Errors Vulnerability (CVE-2011-4078)

Claroline Other Vulnerability (CVE-2006-1595)

MySQL Improper Access Control Vulnerability (CVE-2015-3152)

WordPress Plugin Custom Post Type UI Cross-Site Scripting (1.0.6)

WordPress Plugin Toolset Types-Custom Post Types, Custom Fields and Taxonomies Privilege Escalation (2.3.3)

Severity

High

Classification

CVE-2015-8008 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities