PT-2017-7309 · Mediawiki+1 · Mediawiki Extension:Oauth+1

Sitic

·

Publicado

2017-08-22

·

Atualizado

2018-01-11

·

CVE-2015-8008

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions MediaWiki OAuth extension (affected versions not specified)
Description The issue concerns the OAuth extension for MediaWiki, where it improperly negotiates a new client token. This allows attackers to bypass intended IP address access restrictions by making an API request with an existing token to the "/Special:OAuth/initiate" endpoint.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

ALT-PU-2017-2095
CVE-2015-8008

Produtos afetados

Alt Linux
Mediawiki Extension:Oauth