Description
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
Remediation
References