High severity8.8NVD Advisory· Published Aug 19, 2019· Updated Jun 17, 2026
CVE-2019-15150
CVE-2019-15150
Description
In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- MediaWiki/OAuth2 Client extensiondescription
- Range: <0.4
- Range: <0.4
Patches
Vulnerability mechanics
References
6- github.com/Schine/MW-OAuth2Client/commit/6a4fe4500ddd72ad4e826d9d63b2d69512bd10d1nvdPatch
- packetstormsecurity.com/files/154140/MediaWiki-OAuth2-Client-0.3-Cross-Site-Request-Forgery.htmlnvdThird Party AdvisoryVDB Entry
- seclists.org/fulldisclosure/2019/Aug/25nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2019/08/19/1nvdMailing ListThird Party Advisory
- seclists.org/bugtraq/2019/Aug/32nvdMailing ListThird Party Advisory
- github.com/Schine/MW-OAuth2Client/releases/tag/v0.4nvdRelease Notes
News mentions
0No linked articles in our index yet.