2 matches found
CVE-2018-1000211
CVE-2018-1000211 affects Doorkeeper 4.2.0 and later. The vulnerability is an Incorrect Access Control in the Token revocation API’s authorized method, which can cause access tokens to remain valid for public OAuth apps until expiry, leaking access. The provided connected documents confirm the vul...
Doorkeeper gem does not revoke token for public clients
Any OAuth application that uses public/non-confidential authentication when interacting with Doorkeeper is unable to revoke its tokens when calling the revocation endpoint. A bug in the token revocation API would cause it to attempt to authenticate the public OAuth client as if it was a...