Description

The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

Remediation

References

CVE-2015-8008

Related Vulnerabilities

WordPress Plugin Forminator-Contact Form, Payment Form & Custom Form Builder Cross-Site Scripting (1.29.0)

WebLogic Improper Input Validation Vulnerability (CVE-2019-12400)

Internet Information Services Other Vulnerability (CVE-2002-1180)

WordPress Plugin Alert Before Your Post Cross-Site Scripting (0.1.1)

MySQL CVE-2021-2144 Vulnerability (CVE-2021-2144)

Severity

High

Classification

CVE-2015-8008 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities