The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-07-25T14:00:00
Updated: 2024-08-06T08:06:31.525Z
Reserved: 2015-10-28T00:00:00
Link: CVE-2015-8009
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-07-25T14:29:00.223
Modified: 2024-11-21T02:37:50.460
Link: CVE-2015-8009
Redhat
No data.