Oathauth
Monthly
OATHAuth before versions 1.43.7, 1.44.4, or 1.45.2 exposes sensitive information to unauthorized actors through an information disclosure vulnerability accessible to authenticated users via network requests. The vulnerability requires user interaction and results in limited confidentiality impact, affecting deployments where OATHAuth handles two-factor authentication across Wikimedia platforms.
OATHAuth before versions 1.43.7, 1.44.4, or 1.45.2 exposes sensitive information to unauthorized actors through an information disclosure vulnerability accessible to authenticated users via network requests. The vulnerability requires user interaction and results in limited confidentiality impact, affecting deployments where OATHAuth handles two-factor authentication across Wikimedia platforms.