VYPR
Critical severity9.8NVD Advisory· Published Jul 25, 2017· Updated Jun 17, 2026

CVE-2015-8009

CVE-2015-8009

Description

The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • Range: >=1.23,<1.23.11 or >=1.24,<1.24.4 or >=1.25,<1.25.3
  • cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*range: <=1.23.10
    • cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*
    • (no CPE)range: <1.25.3, <1.24.4, <1.23.11
  • Range: <1.25.3, <1.24.4, <1.23.11

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.