Description
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
Remediation
References