The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x prior to 1.25.3, 1.24.x prior to 1.24.4, and prior to 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.

Vulnerable Product |
---|
mediawiki mediawiki 1.25.0 |
mediawiki mediawiki 1.25.1 |
mediawiki mediawiki 1.24.2 |
mediawiki mediawiki 1.24.1 |
mediawiki mediawiki 1.24.0 |
mediawiki mediawiki |
mediawiki mediawiki 1.24.3 |
mediawiki mediawiki 1.25.2 |