15 matches found
EUVD-2017-0157
Malware in sbrugna...
GHSA-5P9F-55J8-922M Moderate severity vulnerability that affects doorkeeper
Withdrawn, accidental duplicate publish. The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...
Moderate severity vulnerability that affects doorkeeper
Withdrawn, accidental duplicate publish. The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...
Doorkeeper gem does not revoke token for public clients
Any OAuth application that uses public/non-confidential authentication when interacting with Doorkeeper is unable to revoke its tokens when calling the revocation endpoint. A bug in the token revocation API would cause it to attempt to authenticate the public OAuth client as if it was a...
Doorkeeper gem cross-site scripting vulnerability
Doorkeeper is based on the Ruby language open source Web application framework in the OAuth 2 Open Authorization Protocol provider . A cross-site scripting vulnerability exists in Doorkeeper gem versions 2.1.0 through 4.2.5, which can be exploited by an attacker to insert cross-site code and obta...
Doorkeeper gem has stored XSS on authorization consent view
Stored XSS on the OAuth Client's name will cause users being prompted for consent via the "implicit" grant type to execute the XSS payload. The XSS attack could gain access to the user's active session, resulting in account compromise. Any user is susceptible if they click the authorization link...
GHSA-3M6R-39P3-JQ25 Doorkeeper is vulnerable to replay attacks
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...
DEBIAN-CVE-2016-6582
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...
CVE-2016-6582
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...
CVE-2016-6582
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...
Session fixation
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...
CVE-2016-6582
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...
UBUNTU-CVE-2016-6582
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...
CVE-2016-6582
The CVE-2016-6582 entry concerns the Doorkeeper gem for Ruby, with versions prior to 4.2.0. The underlying issue is a failure to implement the OAuth 2.0 Token Revocation specification, which could allow remote attackers to conduct replay attacks or revoke arbitrary tokens. The available connected...
CVE-2016-6582
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...