
2078 matches found

OSV, added 2018/08/13 8:46 p.m., 17 views

GHSA-694M-JHR9-PF77 Doorkeeper subject to Incorrect Permission Assignment

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry...

CVSS 7.5, AI score 7.4, EPSS 0.01611
Exploits 0, References 5
Github Security Blog, added 2018/08/13 8:46 p.m., 23 views

Doorkeeper subject to Incorrect Permission Assignment

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry...

CVSS 7.5, AI score 3.6, EPSS 0.01611
Exploits 0, References 4, Affected Software 1
OSV, added 2018/08/13 4:29 p.m., 3 views

CVE-2017-1286

Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147...

CVSS 6.5, AI score 5.7, EPSS 0.01313
Exploits 0, References 2
Node.js, added 2018/08/09 6:53 p.m., 12 views

Malicious Package

Overview: All versions of soket.io are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation...

AI score 7.5
Exploits 0, Affected Software 1
Tenable Nessus, added 2018/08/02 12:00 a.m., 14 views

FreeBSD : rubygem-doorkeeper -- token revocation vulnerability (e309a2c7-598b-4fa6-a398-bc72fbd1d167)

NVD reports: Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry. © Tenable Network Security, Inc. The descriptive text...

CVSS 7.5, AI score 7.2, EPSS 0.01611
Exploits 0, References 3
OSV, added 2018/07/31 1:29 p.m., 2 views

DEBIAN-CVE-2018-8019

When using an OCSP responder, Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using...

CVSS 7.4, AI score 7.3, EPSS 0.04068
Exploits 0, References 1
Cvelist, added 2018/07/31 1:00 p.m., 24 views

CVE-2018-8019

When using an OCSP responder, Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using...

AI score 7.3, EPSS 0.04068
Exploits 0, References 10
Cvelist, added 2018/07/31 1:00 p.m., 28 views

CVE-2018-8020

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists of multiple certificate status entries. Subsequently, revoked client certificates may not be properly identified, allowing users to authenticate wit...

AI score 7.3, EPSS 0.04199
Exploits 0, References 13
CVE, added 2018/07/31 1:00 p.m., 116 views

CVE-2018-8019

CVE-2018-8019 affects OCSP handling in Apache Tomcat Native. Affects Tomcat Native versions 1.2.0–1.2.16 and 1.1.23–1.1.34 where invalid OCSP responses could cause revoked client certificates to be accepted during mutual TLS authentication. Public details indicate vulnerability in OCSP response p...

CVSS 7.4, AI score 7.2, EPSS 0.04068
Exploits 0, References 10, Affected Software 1
OSV, added 2018/07/19 2:29 p.m., 3 views

CVE-2018-5532

On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name...

CVSS 5.3, AI score 5.8, EPSS 0.01165
Exploits 0, References 2
OSV, added 2018/07/16 8:29 p.m., 3 views

CVE-2017-17541

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0 and 5.6.4 and below, and FortiAnalyzer 6.0.0 and 5.6.4 and below, allows injection of JavaScript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature...

CVSS 6.1, AI score 5.8, EPSS 0.00871
Exploits 0, References 3
Veracode, added 2018/07/16 4:58 a.m., 17 views

Improper Token Revocation

doorkeeper improperly handles token revocation. The vulnerability exists in the authorized method found in the token revocation API, resulting in incorrect access control where access tokens for public OAuth applications are not revoked...

CVSS 7.5, AI score 7.3, EPSS 0.01611
Exploits 0, References 3, Affected Software 1
OSV, added 2018/07/13 6:29 p.m., 4 views

UBUNTU-CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry...

CVSS 7.5, AI score 7.1, EPSS 0.01611
Exploits 0, References 4
Prion, added 2018/07/13 6:29 p.m., 12 views

Improper access control

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry...

CVSS 5, AI score 7.5, EPSS 0.01611
Exploits 0, References 2, Affected Software 1
NVD, added 2018/07/13 6:29 p.m., 21 views

CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry...

CVSS 7.5, AI score 7.5, EPSS 0.01611
Exploits 0, References 2
UbuntuCve, added 2018/07/13 6:29 p.m., 22 views

CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry...

CVSS 7.5, AI score 7.1, EPSS 0.01611
Exploits 0, References 3
OSV, added 2018/07/13 6:29 p.m., 4 views

DEBIAN-CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry...

CVSS 7.5, AI score 7.2, EPSS 0.01611
Exploits 0, References 1
OSV, added 2018/07/13 6:29 p.m., 12 views

CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry...

CVSS 7.5, AI score 6.8
Exploits 0, References 2
Debian CVE, added 2018/07/13 6:00 p.m., 14 views

CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry...

CVSS 7.5, AI score 7.5, EPSS 0.01611
Exploits 0
CVE, added 2018/07/13 6:00 p.m., 76 views

CVE-2018-1000211

CVE-2018-1000211 affects Doorkeeper 4.2.0 and later. The vulnerability is an Incorrect Access Control in the Token revocation API's authorized method, which can cause access tokens to remain valid for public OAuth apps until expiry, leaking access. The provided connected documents confirm the vul...

CVSS 7.5, AI score 7.4, EPSS 0.01611
Exploits 0, References 2, Affected Software 1