125 matches found
CVE-2020-10187
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their...
EUVD-2018-0441
Malware in sbrugna...
EUVD-2017-0157
Malware in sbrugna...
EUVD-2020-0426
Malware in sbrugna...
EUVD-2019-0393
Malware in sbrugna...
EUVD-2018-0373
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-1000211
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the token revocation API's authorized method that can result in Access token...
CVE-2023-34246
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation: their identity cannot...
CVE-2018-1000211
Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the token revocation API's authorized method that results in access tokens not being revoked for public OAuth apps, leaking access until expiry...
USN-7394-1: Doorkeeper vulnerabilities
Jonathan Clem and Justin Bull discovered that Doorkeeper could allow arbitrary token revocation and replay attacks. An attacker could possibly use this issue to gain unauthorized access to a system. CVE-2016-6582 It was discovered that Doorkeeper incorrectly handled storing client names. An...
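The three Doorkeeper issues listed above (CVE-2016-6582, CVE-2018-1000211 and CVE-2023-34246) are all decisions about what a client's identity is allowed to prove. The following is an added example, not Doorkeeper's own code: a minimal Ruby model of an RFC 7009 revocation endpoint and of the "skip consent for a previously approved app" decision, with the vulnerable shapes next to the hardened one. All class and method names, and the sample clients and tokens, are hypothetical stand-ins.

```ruby
# Added example (not Doorkeeper's code; all names are hypothetical): a minimal
# model of an RFC 7009 revocation endpoint and of the "skip consent for a
# previously approved app" decision, vulnerable shapes beside the hardened one.

Client = Struct.new(:id, :secret, keyword_init: true) do
  # No secret means a public client (RFC 6749 section 2.1): anyone who knows
  # the client_id can impersonate it, so its identity alone proves nothing.
  def confidential?
    !secret.nil?
  end
end

AccessToken = Struct.new(:value, :client_id, :scopes, :revoked, keyword_init: true)

class AuthServer
  def initialize(clients, tokens)
    @clients = clients.each_with_object({}) { |c, h| h[c.id] = c }
    @tokens  = tokens.each_with_object({}) { |t, h| h[t.value] = t }
  end

  def token(value)
    @tokens[value]
  end

  # Identify the caller of the revocation endpoint. A confidential client must
  # present its secret; a public client is identified by client_id alone.
  def authenticate(client_id:, client_secret: nil)
    client = @clients[client_id]
    return nil if client.nil?
    if client.confidential?
      return nil unless client_secret && constant_time_equal?(client.secret, client_secret)
    end
    client
  end

  # Vulnerable shape 1 (cf. CVE-2016-6582, "arbitrary token revocation"): the
  # caller is never tied to the token, so any client can revoke any token.
  def revoke_unchecked(token_value)
    t = token(token_value)
    t.revoked = true if t
    [200, {}]
  end

  # Vulnerable shape 2 (cf. CVE-2018-1000211): ownership is recognised only for
  # clients that proved themselves with a secret, so a public client's request
  # for its own token is silently ignored and the token lives until expiry.
  def revoke_confidential_only(caller, token_value)
    return [401, { error: 'invalid_client' }] if caller.nil?
    t = token(token_value)
    t.revoked = true if t && caller.confidential? && t.client_id == caller.id
    [200, {}]
  end

  # Hardened: a token is revoked by the client it was issued to, public clients
  # included, and by nobody else. As RFC 7009 section 2.2 requires, the reply
  # is 200 whether or not the token existed or belonged to the caller, so the
  # endpoint is not an oracle for other clients' tokens; only failed client
  # authentication is reported, as 401.
  def revoke(caller, token_value)
    return [401, { error: 'invalid_client' }] if caller.nil?
    t = token(token_value)
    t.revoked = true if t && t.client_id == caller.id
    [200, {}]
  end

  # Consent decision (cf. CVE-2023-34246): an earlier approval may be reused
  # only when the client's identity is actually verified, i.e. for a
  # confidential client whose prior grant covers the requested scopes. A
  # public client always gets the consent screen.
  def skip_consent?(client, prior_scopes, requested_scopes)
    return false unless client.confidential? && prior_scopes
    (requested_scopes - prior_scopes).empty?
  end

  private

  # Constant-time byte comparison so the secret check does not leak via timing.
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed sample data: one confidential web client and one public mobile
# client, each holding one token.
def demo_server
  web    = Client.new(id: 'web-app', secret: 's3cr3t')
  mobile = Client.new(id: 'mobile-app', secret: nil)
  server = AuthServer.new(
    [web, mobile],
    [AccessToken.new(value: 'tok-web', client_id: 'web-app', scopes: %w[read], revoked: false),
     AccessToken.new(value: 'tok-mobile', client_id: 'mobile-app', scopes: %w[read], revoked: false)]
  )
  [server, web, mobile]
end

if $PROGRAM_NAME == __FILE__
  server, _web, mobile = demo_server
  p server.revoke_confidential_only(mobile, 'tok-mobile'), server.token('tok-mobile').revoked
  p server.revoke(mobile, 'tok-mobile'), server.token('tok-mobile').revoked
end
```

Run stand-alone, the script shows the public client's revocation being ignored by the second vulnerable shape (token still live) and honoured by the hardened one. The design point is that a public client's client_id is enough to let it revoke what was issued to it, but never enough to let it skip user consent, because revoking its own token harms nobody while an impersonated client_id with skipped consent lets an attacker obtain tokens in a user's name.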
Ubuntu: Security Advisory (USN-7394-1)
The remote host is missing the Ubuntu update referenced in the USN-7394-1 advisory.
Ubuntu 16.04 LTS : Doorkeeper vulnerabilities (USN-7394-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7394-1 advisory. Jonathan Clem and Justin Bull discovered that Doorkeeper could allow arbitrary token revocation and replay attacks. An attacker could possibly use this...
[SECURITY] [DLA 3989-1] ruby-doorkeeper security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3989-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk December 09, 2024 https://wiki.debian.org/LTS -...
Debian dla-3989 : ruby-doorkeeper - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3989 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3989-1 [email protected] https://www.debian.org/lts/security/...
Debian: Security Advisory (DLA-3989-1)
The remote host is missing the Debian update referenced in the DLA-3989-1 advisory.
DLA-3989-1 ruby-doorkeeper - security update
Bulletin has no description...
Design/Logic Flaw
Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been destroyed, this could have posed security risks to users by allowing an application to continue...
CVE-2024-25619 Destroying OAuth Applications doesn't notify Streaming of Access Tokens being destroyed in mastodon
Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been destroyed, this could have posed security risks to users by allowing an application to continue...
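The Mastodon issue above is a state-synchronisation failure: the database knew the tokens were gone, but a separate long-lived component kept trusting connections it had already authenticated. The following is an added example, not Mastodon's code: a small Ruby model of an API server and a streaming server, showing the unnotified deletion beside one that broadcasts each revocation. The class and method names and the constructed token and application are hypothetical.

```ruby
# Added example (not Mastodon's code; names are hypothetical): why deleting an
# OAuth application must push the revocation of its tokens to any component
# that keeps its own session state, such as a long-lived streaming server.
require 'set'

Token = Struct.new(:value, :revoked, keyword_init: true)

# Stand-in for a streaming server: it validates a token once, when the
# connection is opened, then trusts the open connection until told otherwise.
class StreamingServer
  def initialize
    @connections = {}    # token value => subscriber
    @revoked = Set.new   # token values announced as revoked
  end

  def connect(token, subscriber)
    return false if token.revoked || @revoked.include?(token.value)
    @connections[token.value] = subscriber
    true
  end

  # Called by the API server whenever a token is revoked: drops any live
  # connection using it and refuses later reconnects with it. Returns whether
  # a live connection was actually dropped.
  def on_token_revoked(token_value)
    @revoked << token_value
    !@connections.delete(token_value).nil?
  end

  def connected?(token_value)
    @connections.key?(token_value)
  end
end

OAuthApplication = Struct.new(:name, :tokens, keyword_init: true)

class ApiServer
  def initialize(streaming)
    @streaming = streaming
  end

  # Vulnerable shape (cf. CVE-2024-25619): the application's tokens are marked
  # revoked in the database, but the streaming server is never told, so an
  # already-open stream keeps delivering data to the deleted application.
  def destroy_application_unnotified(app)
    app.tokens.each { |t| t.revoked = true }
    app.tokens.clear
  end

  # Fixed shape: every token revocation caused by the deletion is broadcast to
  # the streaming server before the application record goes away.
  def destroy_application(app)
    app.tokens.each do |t|
      t.revoked = true
      @streaming.on_token_revoked(t.value)
    end
    app.tokens.clear
  end
end

# Constructed scenario: a third-party app holds one token and has a stream open
# when the app is deleted. Returns [stream still open?, reconnect accepted?].
def scenario(notify:)
  streaming = StreamingServer.new
  api = ApiServer.new(streaming)
  tok = Token.new(value: 'tok-1', revoked: false)
  app = OAuthApplication.new(name: 'ThirdPartyApp', tokens: [tok])
  streaming.connect(tok, :alice)
  notify ? api.destroy_application(app) : api.destroy_application_unnotified(app)
  [streaming.connected?('tok-1'), streaming.connect(tok, :alice)]
end

if $PROGRAM_NAME == __FILE__
  p unnotified: scenario(notify: false), notified: scenario(notify: true)
end
```

Note that a fresh connection is refused in both variants, because the streaming server checks the token's stored state when the connection is opened; the gap is only the stream that was already open. That is the general shape of the bug: any component that caches an authorization decision (streaming servers, websocket gateways, edge caches, session stores) needs an explicit invalidation path, and token revocation on application deletion has to use it rather than relying on the next validation.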
Debian: Security Advisory (DLA-3494-1)
The remote host is missing the Debian update referenced in the DLA-3494-1 advisory.