Description
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
Remediation
References