Description
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.
Remediation
References
Related Vulnerabilities
PHP Insufficient Verification of Data Authenticity Vulnerability (CVE-2024-5458)
Drupal Core 6.x Security Bypass (6.0 - 6.35)
WordPress Plugin Keep Backup Daily Cross-Site Scripting (2.0.2)
Oracle JRE CVE-2019-2964 Vulnerability (CVE-2019-2964)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-6727)