CVE-2015-8009
First published: Tue Jul 25 2017(Updated: )
The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MediaWiki MediaWiki | <=1.23.10 | |
| MediaWiki MediaWiki | =1.24.0 | |
| MediaWiki MediaWiki | =1.24.1 | |
| MediaWiki MediaWiki | =1.24.2 | |
| MediaWiki MediaWiki | =1.24.3 | |
| MediaWiki MediaWiki | =1.25.0 | |
| MediaWiki MediaWiki | =1.25.1 | |
| MediaWiki MediaWiki | =1.25.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/mediawiki
- canonical/mediawiki mediawiki
- version/mediawiki mediawiki/1.23.10
- version/mediawiki mediawiki/1.24.0
- version/mediawiki mediawiki/1.24.1
- version/mediawiki mediawiki/1.24.2
- version/mediawiki mediawiki/1.24.3
- version/mediawiki mediawiki/1.25.0
- version/mediawiki mediawiki/1.25.1
- version/mediawiki mediawiki/1.25.2