Critical severity9.8NVD Advisory· Published Jul 25, 2017· Updated Jun 17, 2026
CVE-2015-8009
CVE-2015-8009
Description
The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11- Range: >=1.23,<1.23.11 or >=1.24,<1.24.4 or >=1.25,<1.25.3
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*range: <=1.23.10
- cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*
- (no CPE)range: <1.25.3, <1.24.4, <1.23.11
- Range: <1.25.3, <1.24.4, <1.23.11
Patches
Vulnerability mechanics
References
3- phabricator.wikimedia.org/T103023nvdExploitThird Party Advisory
- www.openwall.com/lists/oss-security/2015/10/29/14nvdMailing ListVDB Entry
- www.securitytracker.com/id/1034028nvd
News mentions
0No linked articles in our index yet.