vulnerability

MediaWiki: Credentials Management (CVE-2015-8009)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Jul 25, 2017	Oct 23, 2019	Mar 7, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Jul 25, 2017

Added

Oct 23, 2019

Modified

Mar 7, 2024

Description

The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.

Solution

mediawiki-upgrade-latest

References

CVE-2015-8009
https://attackerkb.com/topics/CVE-2015-8009
URL-http://www.openwall.com/lists/oss-security/2015/10/29/14
URL-http://www.securitytracker.com/id/1034028
URL-https://phabricator.wikimedia.org/T103023

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today