Description
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
Remediation
References