CVE-2025-32068
Revoking authorization of OAuth2 consumer does not invalidate refresh tokens
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Revoking authorization of OAuth2 consumer does not invalidate refresh tokens
Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension allows Authentication Bypass.This issue affects Mediawiki - OAuth Extension: from 1.39 through 1.43.
Reserved 2025-04-03 | Published 2025-04-11 | Updated 2025-04-11 | Assigner wikimedia-foundationCWE-863 Incorrect Authorization
Tgr
MarkusRost
phabricator.wikimedia.org/T336113
gerrit.wikimedia.org/...1af2cdfb862a42432e7a87b863033d540cfc
Support options
