|Date: (C)2018-01-02 (M)2018-01-05|| |
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
|CVSS Score: 9.3||Access Vector: |
|Exploit Score: ||Access Complexity: |
|Impact Score: ||Authentication: |
| ||Confidentiality: |
| ||Integrity: |
| ||Availability: |