VYPR

Oauth extension

by MediaWiki

CVEs (4)

  • CVE-2015-8009CriJul 25, 2017
    risk 0.64cvss 9.8epss 0.03

    The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another…

  • CVE-2015-8008HigDec 29, 2017
    risk 0.49cvss 7.5epss 0.03

    The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

  • CVE-2021-31556Aug 12, 2021
    risk 0.00cvss epss 0.02

    An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob.

  • CVE-2021-31555Apr 22, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length.