The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-25T14:00:00

Updated: 2024-08-06T08:06:31.525Z

Reserved: 2015-10-28T00:00:00

Link: CVE-2015-8009

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-07-25T14:29:00.223

Modified: 2024-11-21T02:37:50.460

Link: CVE-2015-8009

cve-icon Redhat

No data.