MediaWiki is vulnerable to a rate-limiting logic error. Rate limiting of OATH tokens is applied only at the single-site level, so multiple requests can still be made across many wikis/sites concurrently.
lists.fedoraproject.org/archives/list/[email protected]/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
phabricator.wikimedia.org/T251661
security-tracker.debian.org/tracker/CVE-2020-25827
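
The scoping error described above, shown as an added illustration (this is not MediaWiki's code): the same fixed-window limiter is run once with a counter keyed per wiki and once with a counter keyed per account across the whole farm. The class, the key functions, the wiki names and the limit values are all hypothetical and constructed for this example.

```python
from collections import defaultdict


class FixedWindowLimiter:
    """Allow at most `limit` attempts per key within each `window`-second bucket."""

    def __init__(self, limit, window, key_fn):
        self.limit = limit
        self.window = window
        self.key_fn = key_fn              # decides the scope of each counter
        self.counts = defaultdict(int)

    def allow(self, wiki, user, now):
        bucket = int(now // self.window)
        key = (self.key_fn(wiki, user), bucket)
        if self.counts[key] >= self.limit:
            return False
        self.counts[key] += 1
        return True


# Counter scopes (hypothetical names, for illustration only).
def per_site_key(wiki, user):
    return ("oath", wiki, user)   # flawed: every wiki keeps its own counter


def global_key(wiki, user):
    return ("oath", user)         # corrected: one counter per account, farm-wide


def accepted_attempts(limiter, wikis, user, tries_per_wiki, now=0.0):
    """Count token verifications the limiter lets through in a single window."""
    return sum(
        1
        for wiki in wikis
        for _ in range(tries_per_wiki)
        if limiter.allow(wiki, user, now)
    )


# Constructed sample: four wikis that share one account system.
WIKIS = ["wiki-a", "wiki-b", "wiki-c", "wiki-d"]
LIMIT, WINDOW = 10, 60  # assumed values, not MediaWiki's configuration


def compare():
    """Return (accepted with per-site scope, accepted with global scope)."""
    flawed = FixedWindowLimiter(LIMIT, WINDOW, per_site_key)
    fixed = FixedWindowLimiter(LIMIT, WINDOW, global_key)
    return (accepted_attempts(flawed, WIKIS, "alice", 25),
            accepted_attempts(fixed, WIKIS, "alice", 25))


if __name__ == "__main__":
    print(compare())
```

With the per-site key the effective ceiling grows with the number of wikis in the farm; with the global key it stays at the configured limit regardless of how many sites receive the requests.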