
30 matches found

OSV
added 2026/06/04 2:37 p.m., 10 views

GHSA-M6VC-F87M-CC2H Doorkeeper Openid Connect: Dynamic Client Registration feature creates public clients with client_secret

Impact: The DynamicClientRegistrationController#register action hard-codes confidential: false when creating applications (dynamic_client_registration_controller.rb:18-25), yet the response includes a client_secret and advertises token_endpoint_auth_methods_supported: "client_secret_basic", "client_secret_post"...

CVSS 6.3 | AI score 5.8 | EPSS 0.00058
Exploits 0 | References 5
Github Security Blog
added 2026/06/04 2:37 p.m., 18 views

Doorkeeper Openid Connect: Dynamic Client Registration feature creates public clients with client_secret

Impact: The DynamicClientRegistrationController#register action hard-codes confidential: false when creating applications (dynamic_client_registration_controller.rb:18-25), yet the response includes a client_secret and advertises token_endpoint_auth_methods_supported: "client_secret_basic", "client_secret_post"...

AI score 5.8 | EPSS 0.00058
Exploits 0 | References 5 | Affected Software 1
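The two entries above describe the same GHSA: a dynamic client registration endpoint that stores every new application as a public client while still handing back a client_secret and advertising secret-based token endpoint authentication. The Ruby example below is an added illustration, not code from Doorkeeper or doorkeeper-openid_connect, and every function and field name in it is hypothetical. It contrasts that pattern with a registration routine that derives the stored client type from the requested token_endpoint_auth_method (RFC 7591), and shows why the stored type matters: a token endpoint keys its client-authentication decision on the stored type, not on whether a secret was ever issued, so a client recorded as public gets no protection from the secret it was given.

```ruby
# Added example, not code from Doorkeeper or doorkeeper-openid_connect.
# Models RFC 7591 dynamic client registration and the client-authentication
# decision a token endpoint makes afterwards. All names are hypothetical.
require "securerandom"

SUPPORTED_AUTH_METHODS = %w[client_secret_basic client_secret_post none].freeze

# Vulnerable pattern from the advisory: the client type is hard-coded to
# public (confidential: false) but a client_secret is still issued and a
# secret-based auth method is still echoed back.
def register_client_vulnerable(request)
  {
    client_id: SecureRandom.uuid,
    client_secret: SecureRandom.hex(32),
    redirect_uris: request.fetch("redirect_uris"),
    confidential: false,
    token_endpoint_auth_method: request.fetch("token_endpoint_auth_method", "client_secret_basic"),
  }
end

# Hardened registration: the requested token_endpoint_auth_method (default
# client_secret_basic per RFC 7591) is the single source of truth. "none"
# yields a public client with no secret; a secret-based method yields a
# confidential client that receives one.
def register_client(request)
  method = request.fetch("token_endpoint_auth_method", "client_secret_basic")
  unless SUPPORTED_AUTH_METHODS.include?(method)
    raise ArgumentError, "unsupported token_endpoint_auth_method: #{method}"
  end
  confidential = method != "none"
  app = {
    client_id: SecureRandom.uuid,
    redirect_uris: request.fetch("redirect_uris"),
    confidential: confidential,
    token_endpoint_auth_method: method,
  }
  app[:client_secret] = SecureRandom.hex(32) if confidential
  app
end

# A registration response is consistent when a secret is present exactly
# for confidential clients.
def consistent_registration?(app)
  app.key?(:client_secret) == app[:confidential]
end

# Constant-time byte comparison so the secret check does not leak timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Token-endpoint client authentication. Enforcement is keyed on the stored
# client type: a public client is never asked to prove a secret, so an
# application registered as public but handed a secret is authenticated by
# client_id alone.
def authenticate_client(app, presented_secret)
  return true unless app[:confidential]
  return false if presented_secret.nil? || app[:client_secret].nil?
  secure_compare(app[:client_secret], presented_secret)
end
```

The check to run against a real deployment follows from consistent_registration?: register a client with token_endpoint_auth_method client_secret_basic and confirm both that the response carries a client_secret and that the token endpoint subsequently rejects a request for that client_id without it.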
EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2023-1739

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.4 | EPSS 0.00716
Exploits 1 | References 10
RedhatCVE
added 2025/05/23 3:55 a.m., 12 views

CVE-2023-34246

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation, their identity cannot...

CVSS 6.5 | AI score 6.6 | EPSS 0.00716
Exploits 1
Veracode
added 2024/03/21 7:09 a.m., 25 views

PKCE Downgrade Attack

spring-security-oauth2-authorization-server is vulnerable to PKCE Downgrade. The vulnerability is due to improper handling of PKCE authorization when a Confidential Client requests an Authorization Code Grant. Note that this vulnerability only applies to Confidential Clients, Public Clients are...

CVSS 6.1 | AI score 6.9 | EPSS 0.00522
Exploits 0 | References 3 | Affected Software 1
UbuntuCve
added 2024/03/20 4:15 a.m., 22 views

CVE-2024-22258

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...

CVSS 6.1 | AI score 6.4 | EPSS 0.00522
Exploits 0 | References 2
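The Veracode and UbuntuCve entries above describe the same Spring Authorization Server issue: PKCE was enforced for public clients but could be skipped for confidential clients that had started the flow with a code_challenge. The Ruby example below is an added illustration, not Spring Authorization Server's code (Ruby is used because the rest of this page concerns Doorkeeper), and all names in it are hypothetical. It shows the token-endpoint check that closes the gap: whenever an authorization code was issued against a code_challenge, a token request without a matching code_verifier must be rejected regardless of client type, because the verifier is what binds the code to the party that started the flow.

```ruby
# Added example, not Spring Authorization Server's code. Minimal model of the
# PKCE (RFC 7636) checks a token endpoint performs when redeeming an
# authorization code. All names are hypothetical.
require "digest"
require "base64"
require "securerandom"

AuthCode = Struct.new(:value, :client_id, :code_challenge, :code_challenge_method,
                      keyword_init: true)

# Authorization-endpoint side: record the challenge the code was issued against.
def issue_code(client_id, code_challenge: nil, code_challenge_method: "S256")
  AuthCode.new(value: SecureRandom.hex(16), client_id: client_id,
               code_challenge: code_challenge,
               code_challenge_method: code_challenge ? code_challenge_method : nil)
end

# S256 transform: BASE64URL(SHA256(code_verifier)) without padding.
def s256(verifier)
  Base64.urlsafe_encode64(Digest::SHA256.digest(verifier), padding: false)
end

def verifier_matches?(code, verifier)
  case code.code_challenge_method
  when "S256"  then s256(verifier) == code.code_challenge
  when "plain" then verifier == code.code_challenge # permitted by RFC 7636, weaker
  else false
  end
end

# Vulnerable downgrade: PKCE is verified only for public clients, so a
# confidential client's token request that omits code_verifier is accepted
# even though the code was issued with a code_challenge.
def pkce_ok_vulnerable?(code, client_confidential:, code_verifier:)
  return true if code.code_challenge.nil?
  return true if client_confidential && code_verifier.nil?
  !code_verifier.nil? && verifier_matches?(code, code_verifier)
end

# Fixed: the decision depends only on what the code was issued with. A code
# bound to a challenge can be redeemed only with a matching verifier, for
# every client type.
def pkce_ok?(code, code_verifier:)
  return true if code.code_challenge.nil?
  return false if code_verifier.nil?
  verifier_matches?(code, code_verifier)
end
```

To test a server for this downgrade, start an authorization code flow for a confidential client with code_challenge_method S256, then redeem the code with the client's credentials but no code_verifier: a correct server answers invalid_grant.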
Tenable Nessus
added 2023/07/12 12:00 a.m., 16 views

Debian dla-3494 : ruby-doorkeeper - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3494 advisory. Debian LTS Advisory DLA-3494-1 https://www.debian.org/lts/security/...

CVSS 6.5 | AI score 6.5 | EPSS 0.00716
Exploits 1 | References 4
Tenable Nessus
added 2023/07/10 12:00 a.m., 24 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : Doorkeeper vulnerability (USN-6210-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has a package installed that is affected by a vulnerability as referenced in the USN-6210-1 advisory. It was discovered that Doorkeeper incorrectly performed authorization checks for public clients that have been previou...

CVSS 6.5 | AI score 6.5 | EPSS 0.00716
Exploits 1 | References 2
Ubuntu
added 2023/07/07 3:14 p.m., 53 views

USN-6210-1: Doorkeeper vulnerability

It was discovered that Doorkeeper incorrectly performed authorization checks for public clients that have been previously approved. An attacker could potentially exploit this in order to impersonate another user and obtain sensitive information...

CVSS 6.5 | AI score 6.5 | EPSS 0.00716
Exploits 1
OSV
added 2023/07/07 3:14 p.m., 2 views

USN-6210-1 ruby-doorkeeper vulnerability

It was discovered that Doorkeeper incorrectly performed authorization checks for public clients that have been previously approved. An attacker could potentially exploit this in order to impersonate another user and obtain sensitive information...

CVSS 6.5 | AI score 5.8 | EPSS 0.00716
Exploits 1 | References 2
Snyk
added 2023/06/12 7:50 p.m., 2 views

Improper Authentication

Overview: doorkeeper is an OAuth 2 provider for Rails and Grape. Affected versions of this package are vulnerable to Improper Authentication due to automatically processing authorization requests without user consent for public clients that have been previously approved. Public clients are...

CVSS 6.5 | AI score 7 | EPSS 0.00716
Exploits 1 | References 2
OSV
added 2023/06/12 7:50 p.m., 28 views

GHSA-7W2C-W47H-789W Doorkeeper Improper Authentication vulnerability

OAuth RFC 8252 (https://www.rfc-editor.org/rfc/rfc8252#section-8.6) says the authorization server SHOULD NOT process authorization requests automatically without user consent or interaction, except when the identity of the client can be assured. This includes the case where the user has previously...

CVSS 4.2 | AI score 5.2 | EPSS 0.00716
Exploits 1 | References 10
Github Security Blog
added 2023/06/12 7:50 p.m., 29 views

Doorkeeper Improper Authentication vulnerability

OAuth RFC 8252 (https://www.rfc-editor.org/rfc/rfc8252#section-8.6) says the authorization server SHOULD NOT process authorization requests automatically without user consent or interaction, except when the identity of the client can be assured. This includes the case where the user has previously...

CVSS 6.5 | AI score 6.4 | EPSS 0.00716
Exploits 1 | References 10 | Affected Software 1
NVD
added 2023/06/12 5:15 p.m., 17 views

CVE-2023-34246

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation, their identity cannot...

CVSS 6.5 | AI score 5.2 | EPSS 0.00716
Exploits 1 | References 7
OSV
added 2023/06/12 5:15 p.m., 1 view

DEBIAN-CVE-2023-34246

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation, their identity cannot...

CVSS 6.5 | AI score 6.9 | EPSS 0.00716
Exploits 1 | References 1
Prion
added 2023/06/12 5:15 p.m., 25 views

Authorization

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation, their identity cannot...

CVSS 6.4 | AI score 6.3 | EPSS 0.00716
Exploits 1 | References 6 | Affected Software 1
OSV
added 2023/06/12 5:15 p.m., 4 views

UBUNTU-CVE-2023-34246

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation, their identity cannot...

CVSS 6.5 | AI score 5.8 | EPSS 0.00716
Exploits 1 | References 8
UbuntuCve
added 2023/06/12 5:15 p.m., 30 views

CVE-2023-34246

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation, their identity cannot...

CVSS 6.5 | AI score 6.5 | EPSS 0.00716
Exploits 1 | References 7
OSV
added 2023/06/12 4:33 p.m., 12 views

CVE-2023-34246 Doorkeeper Improper Authentication vulnerability

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation, their identity cannot...

CVSS 4.2 | AI score 6.3 | EPSS 0.00716
Exploits 1 | References 9
Debian CVE
added 2023/06/12 4:33 p.m., 21 views

CVE-2023-34246

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation, their identity cannot...

CVSS 6.5 | AI score 6.3 | EPSS 0.00716
Exploits 1
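The CVE-2023-34246 entries above (RedhatCVE, NVD, Debian, Ubuntu, Prion, Snyk and the GHSA-7W2C-W47H-789W, USN-6210-1 and DLA-3494 advisories) all describe one decision: Doorkeeper before 5.6.6 reused a resource owner's earlier approval to skip the consent screen for public clients as well as confidential ones. The Ruby example below is an added illustration, not Doorkeeper's code, and all names in it are hypothetical. It models that authorization-endpoint decision in its vulnerable and corrected forms, with the corrected form following RFC 8252 section 8.6: prior approval may be reused only when the client's identity can be assured, which a public client's client_id and redirect_uri cannot provide.

```ruby
# Added example, not Doorkeeper's code. Models the authorization-endpoint
# decision of whether to reuse a resource owner's earlier approval instead
# of showing the consent screen. All names are hypothetical.
Application = Struct.new(:client_id, :confidential, :redirect_uris, keyword_init: true)
AccessGrant = Struct.new(:client_id, :resource_owner_id, :scopes, keyword_init: true)

# True when the owner has already granted this client at least the requested scopes.
def previously_authorized?(grants, app, owner_id, scopes)
  grants.any? do |g|
    g.client_id == app.client_id && g.resource_owner_id == owner_id &&
      (scopes - g.scopes).empty?
  end
end

# Shared request validation: redirect_uri must be one of the registered URIs.
# For a public native app those are typically loopback or custom-scheme URIs
# that another app on the same device can also claim, which is why the
# client's identity cannot be assured from client_id + redirect_uri alone.
def redirect_registered?(app, redirect_uri)
  app.redirect_uris.include?(redirect_uri)
end

# Vulnerable decision, matching the behaviour the advisories describe for
# Doorkeeper before 5.6.6: any previously approved client skips consent,
# public clients included, so an impersonator presenting a public client's
# client_id and registered redirect_uri receives a code with no user interaction.
def authorize_decision_vulnerable(app, redirect_uri, scopes, grants, owner_id)
  return :invalid_redirect unless redirect_registered?(app, redirect_uri)
  previously_authorized?(grants, app, owner_id, scopes) ? :auto_approve : :show_consent
end

# Fixed decision following RFC 8252 section 8.6: reuse a prior approval only
# when the client's identity can be assured, i.e. for confidential clients.
# A public client always sees the consent screen, even if approved before.
def authorize_decision(app, redirect_uri, scopes, grants, owner_id)
  return :invalid_redirect unless redirect_registered?(app, redirect_uri)
  if app.confidential && previously_authorized?(grants, app, owner_id, scopes)
    :auto_approve
  else
    :show_consent
  end
end
```

When auditing an authorization server for this class of issue, exercise a public client that the test user has approved once before and confirm the second authorization request still renders the consent page rather than redirecting straight back with a code.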