Description
The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.
Remediation
References
Related Vulnerabilities
Drupal Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2020-36193)
Oracle Application Server Other Vulnerability (CVE-2006-5353)
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.56)
phpMyAdmin Other Vulnerability (CVE-2006-1258)
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-5104)