MediaWiki: Improper Access Control (CVE-2015-8008)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Dec 29, 2017 | Oct 23, 2019 | Dec 23, 2024 |
Description
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
Solution
mediawiki-upgrade-1_25_3
References
- CVE-2015-8008
- https://attackerkb.com/topics/CVE-2015-8008
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170961.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170979.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171007.html
- http://www.openwall.com/lists/oss-security/2015/10/29/14
- http://www.securityfocus.com/bid/77379
- http://www.securitytracker.com/id/1034028
- https://bugzilla.redhat.com/show_bug.cgi?id=1273353
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html
- https://phabricator.wikimedia.org/T103022