5 matches found
EUVD-2023-1739
Malicious code in bioql PyPI...
Debian dla-3494 : ruby-doorkeeper - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3494 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3494-1 [email protected] https://www.debian.org/lts/security/...
USN-6210-1: Doorkeeper vulnerability
It was discovered that Doorkeeper incorrectly performed authorization checks for public clients that have been previous approved. An attacker could potentially exploit these in order to impersonate another user and obtain sensitive information...
CVE-2023-34246 Doorkeeper Improper Authentication vulnerability
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot...
CVE-2023-34246
CVE-2023-34246 affects ruby-doorkeeper, an OAuth 2 provider for Ruby on Rails and Grape. Prior to Doorkeeper 5.6.6, the gem could automatically process authorization requests for public clients that had been previously approved, enabling potential impersonation of public clients due to identity n...