PT-2019-4686 · Mediawiki · Mediawiki Oauth2 Client Extension

Author: Justin Bull
Published: 2019-08-19
Updated: 2023-03-08
CVE: CVE-2019-15150
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: MediaWiki OAuth2 Client extension versions prior to 0.4

Description: A CSRF issue exists because the OAuth2 state parameter is not checked in the callback function, so the callback accepts responses that were not initiated by the current user's session. A remote attacker could exploit this cross-site request forgery to carry out actions on behalf of another user without their knowledge or consent.

Recommendations: For versions prior to 0.4, update to version 0.4 or later to resolve the issue. As a temporary workaround, add validation of the OAuth2 state parameter in the callback function: issue an unguessable state bound to the user's session when the authorization request is built, and reject any callback whose state is missing or does not match it.
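The following is an added illustration of the state check the recommendation describes; it is not the extension's own code. It assumes a per-user server-side session is available as a dict (MediaWiki's session object would play this role) and shows the unchecked callback pattern next to a hardened one.

```python
import hmac
import secrets
from typing import Optional
from urllib.parse import urlencode

# Assumption: `session` is a per-user, server-side store that the attacker
# cannot read or write. A plain dict stands in for it here.


def begin_authorization(session: dict, authorize_url: str,
                        client_id: str, redirect_uri: str) -> str:
    """Generate an unguessable state, bind it to this session, and build
    the authorization redirect that carries it to the provider."""
    state = secrets.token_urlsafe(32)
    session["oauth2_state"] = state
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    return f"{authorize_url}?{urlencode(params)}"


def callback_unchecked(session: dict, query: dict) -> Optional[str]:
    """Pattern the advisory describes for versions before 0.4: the callback
    never compares `state`, so any authorization code the browser is steered
    into delivering is accepted for this session."""
    return query.get("code")


def callback_checked(session: dict, query: dict) -> Optional[str]:
    """Hardened callback: require a state, compare it in constant time with
    the one issued for this session, and consume it so a captured callback
    URL cannot be replayed. Returns the code only when the check passes."""
    expected = session.pop("oauth2_state", None)
    received = query.get("state")
    if not expected or not received:
        return None  # no pending authorization, or state stripped
    if not hmac.compare_digest(expected, received):
        return None  # response was not initiated by this session
    return query.get("code")
```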

Weakness Enumeration: CSRF

Related Identifiers

BDU:2020-01058
CVE-2019-15150

Affected Products

Mediawiki Oauth2 Client Extension