CVE-2019-15150

Published August 19th, 2019

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function.

Schine/MW-OAuth2Client

MediaWiki OAuth2 Client Extension

GitHub