High severity7.5NVD Advisory· Published Dec 29, 2017· Updated Jun 17, 2026
CVE-2015-8008
CVE-2015-8008
Description
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
9- phabricator.wikimedia.org/T103022nvdIssue TrackingPatchThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-November/170961.htmlnvdIssue TrackingThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-November/170979.htmlnvdIssue TrackingThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-November/171007.htmlnvdIssue TrackingThird Party Advisory
- www.openwall.com/lists/oss-security/2015/10/29/14nvdIssue TrackingMailing ListThird Party Advisory
- www.securityfocus.com/bid/77379nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034028nvdThird Party AdvisoryVDB Entry
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.htmlnvdIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.