The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows malicious users to bypass intended IP address access restrictions by making an API request with an existing token.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki |
||
fedoraproject fedora 23 |
||
fedoraproject fedora 21 |
||
fedoraproject fedora 22 |