High severity7.5NVD Advisory· Published Dec 29, 2017· Updated May 13, 2026

CVE-2015-8008

Description

The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

phabricator.wikimedia.org/T103022nvdIssue TrackingPatchThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-November/170961.htmlnvdIssue TrackingThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-November/170979.htmlnvdIssue TrackingThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-November/171007.htmlnvdIssue TrackingThird Party Advisory
www.openwall.com/lists/oss-security/2015/10/29/14nvdIssue TrackingMailing ListThird Party Advisory
www.securityfocus.com/bid/77379nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1034028nvdThird Party AdvisoryVDB Entry
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.htmlnvdIssue TrackingThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000