CVE-2015-8008

Published: Dec 29, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

Affected (4)

Products: Mediawiki: Mediawiki · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mediawiki Mediawiki	Before 1.25.3

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 21
Fedoraproject Fedora	Version 22
Fedoraproject Fedora	Version 23

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (18)

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170961.html

Source: cve@mitre.org

Issue TrackingThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170979.html

Source: cve@mitre.org

Issue TrackingThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171007.html

Source: cve@mitre.org

Issue TrackingThird Party Advisory

http://www.openwall.com/lists/oss-security/2015/10/29/14

Source: cve@mitre.org

Issue TrackingMailing ListThird Party Advisory

http://www.securityfocus.com/bid/77379

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034028

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1273353

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://phabricator.wikimedia.org/T103022

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170961.html

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170979.html

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171007.html

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

http://www.openwall.com/lists/oss-security/2015/10/29/14

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMailing ListThird Party Advisory

http://www.securityfocus.com/bid/77379

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034028

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1273353

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://phabricator.wikimedia.org/T103022

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.