Package details: pkg:gem/doorkeeper@0.3.3
purl: pkg:gem/doorkeeper@0.3.3
Next non-vulnerable version: 5.6.6
Latest non-vulnerable version: 5.6.6
Risk: 3.1
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-bss3-b2mz-gyg6
Aliases:
CVE-2023-34246
GHSA-7w2c-w47h-789w
Doorkeeper Improper Authentication vulnerability
OAuth RFC 8252 (https://www.rfc-editor.org/rfc/rfc8252#section-8.6) says:
> the authorization server SHOULD NOT process authorization requests automatically without user consent or interaction, except when the identity of the client can be assured. This includes the case where the user has previously approved an authorization request for a given client id.
But Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation; their identity cannot be assured.
Issue: https://github.com/doorkeeper-gem/doorkeeper/issues/1589
Fix: https://github.com/doorkeeper-gem/doorkeeper/pull/1646
Fixed by: 5.6.6 (affected by 0 other vulnerabilities)
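The decision the advisory above describes, as an added example written for this page rather than Doorkeeper's own code: a prior approval is looked up per (resource owner, client_id, scopes), and the only difference between the vulnerable and the fixed rule is whether a public client may ever skip the consent screen. `Client`, `ConsentPolicy` and the in-memory grant store are constructed stand-ins, not Doorkeeper classes.

```ruby
require 'set'

# Added example, not Doorkeeper's code: a model of the "skip consent for a
# previously approved client" decision behind CVE-2023-34246.
# `confidential` is true for clients that authenticate with a secret.
Client = Struct.new(:uid, :confidential, keyword_init: true)

class ConsentPolicy
  def initialize
    # [owner_id, client_uid] => Set of scopes the owner has already approved
    @grants = Hash.new { |h, k| h[k] = Set.new }
  end

  def record_approval(owner_id, client, scopes)
    @grants[[owner_id, client.uid]].merge(scopes)
  end

  # True when every requested scope was already approved by this owner for
  # this client_id. A request for extra scopes never matches.
  def matching_grant?(owner_id, client, scopes)
    key = [owner_id, client.uid]
    @grants.key?(key) && scopes.to_set.subset?(@grants[key])
  end

  # Vulnerable rule (Doorkeeper before 5.6.6): any prior approval skips the
  # consent screen. For a public client the client_id is all an attacker
  # needs to present as that client, so the victim is never asked again.
  def skip_consent_vulnerable?(owner_id, client, scopes)
    matching_grant?(owner_id, client, scopes)
  end

  # Fixed rule: skip consent only when the client's identity can be assured,
  # i.e. a confidential client (RFC 8252 section 8.6). Public clients always
  # see the consent screen, even with a matching prior grant.
  def skip_consent?(owner_id, client, scopes)
    client.confidential && matching_grant?(owner_id, client, scopes)
  end
end

if __FILE__ == $PROGRAM_NAME
  policy = ConsentPolicy.new
  mobile = Client.new(uid: 'mobile-app', confidential: false)
  policy.record_approval('alice', mobile, %w[read write])
  puts "vulnerable rule skips consent: #{policy.skip_consent_vulnerable?('alice', mobile, %w[read])}"
  puts "fixed rule skips consent:      #{policy.skip_consent?('alice', mobile, %w[read])}"
end
```

The same rule applies to any application-level shortcut: a `skip_authorization` hook in the Doorkeeper initializer should return false for public clients for exactly the reason the advisory gives.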
VCID-jqsd-ye8h-hfd1
Aliases:
CVE-2018-1000211
GHSA-694m-jhr9-pf77
Incorrect Permission Assignment for Critical Resource. Doorkeeper contains a vulnerability in the token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry.
Fixed by: 4.2.5 (affected by 2 other vulnerabilities); 4.4.0 (affected by 1 other vulnerability)
VCID-pumw-cz31-tyg8
Aliases:
CVE-2012-5664
access_token Disclosure CSRF. Doorkeeper contains a flaw: HTTP requests for certain sensitive actions do not require multiple steps, explicit confirmation, or a unique token. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF / XSRF) attack, causing the victim to disclose their access_token with an arbitrary scope.
Fixed by: 1.4.1 (affected by 6 other vulnerabilities); 2.0.0.rc3 (affected by 6 other vulnerabilities)
VCID-unwy-fy1v-9qcr
Aliases:
CVE-2014-8144
GHSA-685w-vc84-wxcx
OSV-116010
Doorkeeper vulnerable to Cross-site Request Forgery. Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user's OAuth authorization code via unknown vectors.
Fixed by: 1.4.1 (affected by 6 other vulnerabilities); 2.0.0 (affected by 6 other vulnerabilities)
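Both CSRF entries above come down to the consent POST being accepted on the strength of the session cookie alone. The following is an added example, not Doorkeeper's controller (Doorkeeper 1.4.1 gets the equivalent from Rails' `protect_from_forgery`): a per-session token is minted when the consent form is rendered and must be echoed back before any code is issued. `Session`, `Request` and the code issuer are constructed stand-ins.

```ruby
require 'securerandom'
require 'uri'

# Added example, not Doorkeeper's code: the consent step of /oauth/authorize
# with a session-bound anti-CSRF token, the protection relevant to
# CVE-2014-8144 and CVE-2012-5664.
Session = Struct.new(:user_id, :csrf_token, keyword_init: true)
Request = Struct.new(:params, :session, keyword_init: true)

class AuthorizeEndpoint
  def initialize(issue_code:)
    @issue_code = issue_code # callable(user_id, client_id, scope) -> code
  end

  # GET /oauth/authorize: mint the token once per session and embed it in the
  # consent form. Only a page rendered for this session can know it.
  def show(req)
    req.session.csrf_token ||= SecureRandom.hex(32)
    { status: 200, authenticity_token: req.session.csrf_token,
      client_id: req.params['client_id'], scope: req.params['scope'] }
  end

  # POST /oauth/authorize: a cross-site form post carries the victim's cookie,
  # but the attacker's page cannot read the token, so a request without the
  # matching token is refused before any code is issued.
  def create(req)
    return { status: 422, error: 'invalid_authenticity_token' } unless valid_token?(req)

    code = @issue_code.call(req.session.user_id, req.params['client_id'], req.params['scope'])
    query = URI.encode_www_form(code: code, state: req.params['state'].to_s)
    { status: 302, location: "#{req.params['redirect_uri']}?#{query}" }
  end

  private

  def valid_token?(req)
    expected = req.session.csrf_token
    given = req.params['authenticity_token']
    return false if expected.nil? || given.nil?

    secure_equal?(expected, given)
  end

  # Constant-time comparison so response timing does not leak matching bytes.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

The `state` parameter is passed through untouched: it protects the client's side of the flow (binding the redirect to the client's own session) and is no substitute for the server-side token on the consent POST.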
VCID-vfr9-mu8k-rbg5
Aliases:
CVE-2018-1000088
GHSA-hwhh-2fwm-cfgw
XSS on authorization consent view. Stored XSS in the OAuth client's name causes users who are prompted for consent via the `implicit` grant type to execute the XSS payload. The XSS attack could gain access to the user's active session, resulting in account compromise. Any user is susceptible if they click the authorization link for the malicious OAuth client. Because of how the links work, a user cannot tell whether a link is malicious without first visiting the page with the XSS payload. In addition, there is stored XSS in the `native_redirect_uri` form element.
Fixed by: 4.2.6 (affected by 2 other vulnerabilities)
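An added example of the two injection points the advisory names, not Doorkeeper's consent view: a constructed client whose name and `native_redirect_uri` carry payloads is rendered once with raw interpolation (plain ERB does not escape `<%= %>`; in Rails the same result comes from `raw` / `html_safe`) and once with `ERB::Util.html_escape` applied to every attacker-controlled value. The templates and `MALICIOUS_CLIENT` are this example's.

```ruby
require 'erb'

# Added example, not Doorkeeper's view: the consent prompt with and without
# output escaping, for the payloads CVE-2018-1000088 describes.
MALICIOUS_CLIENT = {
  name: '<script>alert(document.cookie)</script>',
  native_redirect_uri: '"><script>alert(1)</script>'
}.freeze

# Vulnerable: the client-supplied strings land in the page as markup.
VULNERABLE_VIEW = ERB.new(<<~HTML)
  <p>Authorize <strong class="text-info"><%= client[:name] %></strong> to use your account?</p>
  <input type="hidden" name="redirect_uri" value="<%= client[:native_redirect_uri] %>">
HTML

# Hardened: every attacker-controlled value is escaped at the point of
# output, in element content and inside the attribute value alike.
SAFE_VIEW = ERB.new(<<~HTML)
  <p>Authorize <strong class="text-info"><%= ERB::Util.html_escape(client[:name]) %></strong> to use your account?</p>
  <input type="hidden" name="redirect_uri" value="<%= ERB::Util.html_escape(client[:native_redirect_uri]) %>">
HTML

def render_vulnerable(client)
  VULNERABLE_VIEW.result_with_hash(client: client)
end

def render_safe(client)
  SAFE_VIEW.result_with_hash(client: client)
end

# Crude detector used to compare the two renderings: is a script tag still
# present as a tag rather than as escaped text?
def live_script_tag?(html)
  html.include?('<script')
end

if __FILE__ == $PROGRAM_NAME
  puts render_vulnerable(MALICIOUS_CLIENT)
  puts render_safe(MALICIOUS_CLIENT)
end
```

Escaping belongs at output, not at registration time: a name that was "cleaned" on the way into the database is still unsafe wherever a template later concatenates it into a translated prompt and marks the result raw.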
VCID-xa34-b97y-tye5
Aliases:
CVE-2016-6582
GHSA-3m6r-39p3-jq25
Broken token revocation, wrong auth/auth method. Doorkeeper failed to implement OAuth Token Revocation (RFC 7009) in the following ways:
1. Public clients making valid, unauthenticated calls to revoke a token would not have their token revoked.
2. Requests were not properly authenticating the *client credentials* but were, instead, looking at the access token in a second location.
3. Because of 2, the requests were also not authorizing confidential clients' ability to revoke a given token. A client should only be able to revoke tokens that belong to it.
The security implication is: OAuth clients who "log out" a user expect to have the corresponding access and refresh tokens revoked, preventing an attacker who may have already hijacked the session from continuing to impersonate the victim. Because of the bugs described above, this is not the case. As far as OWASP is concerned, this counts as broken authentication design. MITRE has assigned CVE-2016-6582 due to the security issues raised. An attacker, thanks to 1, can replay a hijacked session after a victim logs out/revokes their token. Additionally, thanks to 2 and 3, an attacker via a compromised confidential client could "grief" other clients by revoking their tokens (albeit this is an exceptionally narrow attack with little value).
Fixed by: 4.2.0 (affected by 3 other vulnerabilities)
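The three failures listed above, and the public-client case of CVE-2018-1000211 earlier on this page, are all about who the revocation endpoint authenticates and which tokens it lets them revoke. The following revocation endpoint is an added example, not Doorkeeper's TokensController: client credentials are taken from HTTP Basic (RFC 6749 section 2.3.1) and never from the token being revoked, a public client is identified by `client_id` alone, and a token is only revoked by the client it was issued to. `OAuthClient`, `AccessToken`, the in-memory stores and the exact status codes for the refusal cases are this example's choices.

```ruby
# Added example, not Doorkeeper's code: an RFC 7009 revocation endpoint
# covering the checks behind CVE-2016-6582 and CVE-2018-1000211.
OAuthClient = Struct.new(:id, :secret, keyword_init: true) # secret nil => public client
AccessToken = Struct.new(:value, :client_id, :revoked, keyword_init: true)

class RevocationEndpoint
  def initialize(clients, tokens)
    @clients = clients.to_h { |c| [c.id, c] }
    @tokens  = tokens.to_h { |t| [t.value, t] }
  end

  # headers: { 'Authorization' => 'Basic ...' }; params: form body of POST /oauth/revoke
  def revoke(headers:, params:)
    client = authenticate_client(headers, params)
    return error(401, 'invalid_client') if client.nil?

    token = @tokens[params['token']]
    # RFC 7009 section 2.2: an unknown or already-revoked token still gets 200,
    # so the endpoint cannot be used to probe which tokens exist.
    return ok if token.nil?
    # RFC 7009 section 2.1: the token must have been issued to the caller.
    return error(403, 'unauthorized_client') unless token.client_id == client.id

    token.revoked = true
    ok
  end

  private

  # Confidential clients must present their secret via HTTP Basic; a public
  # client has no secret and is identified by client_id in the body. The
  # access token being revoked is never used as a credential.
  def authenticate_client(headers, params)
    auth = headers.fetch('Authorization', '')
    if auth.start_with?('Basic ')
      id, secret = decode_basic(auth.delete_prefix('Basic '))
      client = @clients[id]
      return nil if client.nil? || client.secret.nil? || secret.nil?

      return secure_equal?(client.secret, secret) ? client : nil
    end
    client = @clients[params['client_id']]
    client if client && client.secret.nil?
  end

  def decode_basic(b64)
    b64.unpack1('m0').split(':', 2) # strict base64; malformed input raises
  rescue ArgumentError
    [nil, nil]
  end

  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  def ok
    { status: 200, body: {} }
  end

  def error(status, code)
    { status: status, body: { 'error' => code } }
  end
end
```

Refusing a foreign token with an error rather than a silent 200 is a design choice: RFC 7009 says such a request "is refused" using the RFC 6749 error format, and an explicit `unauthorized_client` makes a misconfigured client visible in logs instead of masking it.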
VCID-ypak-x4hq-6qgt
Aliases:
OSVDB-118830
Sensitive information in production logs. Doorkeeper stores sensitive information in production logs. This may allow a local attacker with access to the logs to obtain that information.
Fixed by: 1.4.2 (affected by 4 other vulnerabilities); 2.1.2 (affected by 4 other vulnerabilities)
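The usual mitigation for the advisory above is to redact the OAuth parameters before Rails writes the request log line, which is what `config.filter_parameters` drives. The redactor below is an added example, not Doorkeeper's engine code; the key list, the substring-match rule and the sample token-exchange request are this example's choices.

```ruby
# Added example, not Doorkeeper's code: parameter redaction for request logs,
# the mitigation relevant to OSVDB-118830.
FILTERED_KEYS = %w[client_secret code token access_token refresh_token password].freeze

# Redact any key containing one of the filtered names (substring match, like
# a String entry in Rails' filter_parameters), descending into nested
# hashes and arrays so a secret wrapped in another parameter is caught too.
def filter_params(value, keys = FILTERED_KEYS)
  case value
  when Hash
    value.to_h do |k, v|
      if keys.any? { |f| k.to_s.downcase.include?(f) }
        [k, '[FILTERED]']
      else
        [k, filter_params(v, keys)]
      end
    end
  when Array
    value.map { |v| filter_params(v, keys) }
  else
    value
  end
end

# The log line as Rails would emit it for the request, after redaction.
def log_line(method, path, params)
  "Started #{method} \"#{path}\"  Parameters: #{filter_params(params).inspect}"
end

# Constructed request of the kind the token endpoint receives.
SAMPLE_TOKEN_REQUEST = {
  'grant_type' => 'authorization_code',
  'client_id' => 'web-a',
  'client_secret' => 's3cret',
  'code' => 'abc123',
  'redirect_uri' => 'https://app.example/cb',
  'extra' => { 'refresh_token' => 'r1' }
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts log_line('POST', '/oauth/token', SAMPLE_TOKEN_REQUEST)
end
```

Substring matching is deliberately broad (`code` also hides `code_verifier`, `token` hides every token-named field); over-redacting a log is the cheaper failure mode here.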
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T20:14:48.453580+00:00 GitLab Importer Affected by VCID-unwy-fy1v-9qcr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/doorkeeper/CVE-2014-8144.yml 38.6.0
2026-06-04T20:13:52.134634+00:00 GitLab Importer Affected by VCID-jqsd-ye8h-hfd1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/doorkeeper/CVE-2018-1000211.yml 38.6.0
2026-06-04T20:07:30.199557+00:00 GitLab Importer Affected by VCID-xa34-b97y-tye5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/doorkeeper/CVE-2016-6582.yml 38.6.0
2026-06-04T20:04:41.233751+00:00 GitLab Importer Affected by VCID-ypak-x4hq-6qgt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/doorkeeper/OSVDB-118830.yml 38.6.0
2026-06-04T20:03:25.372481+00:00 GitLab Importer Affected by VCID-pumw-cz31-tyg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/doorkeeper/CVE-2012-5664.yml 38.6.0
2026-06-04T18:14:11.405735+00:00 Ruby Importer Affected by VCID-bss3-b2mz-gyg6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2023-34246.yml 38.6.0
2026-06-04T18:11:35.914670+00:00 Ruby Importer Affected by VCID-vfr9-mu8k-rbg5 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2018-1000088.yml 38.6.0
2026-06-04T18:09:30.710764+00:00 Ruby Importer Affected by VCID-unwy-fy1v-9qcr https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2014-8144.yml 38.6.0