Mediawiki · Mediawiki Oauth2 Client Extension · CVE-2019-15150
**Name of the Vulnerable Software and Affected Versions**
MediaWiki OAuth2 Client extension versions prior to 0.4
**Description**
A CSRF issue exists due to the OAuth2 state parameter not being checked in the callback function, allowing a remote attacker to perform a cross-site request forgery. This could potentially enable an attacker to carry out actions on behalf of another user without their knowledge or consent.
**Recommendations**
For versions prior to 0.4, update to version 0.4 or later to resolve the issue. As a temporary workaround, consider implementing additional validation checks for the OAuth2 state parameter in the callback function to prevent CSRF attacks.