Improper Token Revocation

doorkeeper improperly handles token revocation. The vulnerability exists in the authorized method found in the token revocation's API, resulting in incorrect access control where the access token for the public OAuth applications are not revoked...

CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...

CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...

Improper access control

Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...

DEBIAN-CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...

CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...

UBUNTU-CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...

CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...

CVE-2018-1000211

CVE-2018-1000211 affects Doorkeeper 4.2.0 and later. The vulnerability is an Incorrect Access Control in the Token revocation API’s authorized method, which can cause access tokens to remain valid for public OAuth apps until expiry, leaking access. The provided connected documents confirm the vul...

CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...

rubygem-doorkeeper -- token revocation vulnerability

NVD reports: Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...

Malicious Package in eslint-scope

Version 3.7.2 of eslint-scope was published without authorization and was found to contain malicious code. This code would read the users .npmrc file and send any found authentication tokens to 2 remote servers. Recommendation The best course of action if you found this package installed in your...

Malicious Package

Overview Version 5.0.2 of eslint-config-eslint was published without authorization and was found to contain malicious code. This code would read the users .npmrc file and send any found authentication tokens to a remote server. Recommendation The best course of action if you found this package...

Doorkeeper gem does not revoke token for public clients

Any OAuth application that uses public/non-confidential authentication when interacting with Doorkeeper is unable to revoke its tokens when calling the revocation endpoint. A bug in the token revocation API would cause it to attempt to authenticate the public OAuth client as if it was a...

CVE-2018-12461

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation...

CVE-2018-12461

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation...

Design/Logic Flaw

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation...

CVE-2018-12461

CVE-2018-12461 affects NetIQ eDirectory prior to version 9.1.1 and concerns the certificate revocation check. The issue is described as a check failure in revocation processing; the fixed state implies upgrade to 9.1.1 or later as the mitigation. CVSS data present (v3 base score 7.5; HIGH) but th...

CVE-2018-12461 Certificate Revocation Check failure

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation...

Security Bulletin: IBM SmartCloud Orchestartor - Trustee token revocation does not work with memcache backend (CVE-2014-2237)

Summary When a trustor issues a trust token with impersonation enabled, the token is only added to the trustor's token list and not to the trustee's token list. This scenario results in the trust token not being invalidated by the trustee's token revocation bulk revocation. It is most noticeable...