2023 matches found

OSV
added 2018/07/13 6:29 p.m., 11 views

CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...

CVSS: 7.5, AI score: 6.8
Exploits: 0, References: 2
OSV
added 2018/07/13 6:29 p.m., 3 views

UBUNTU-CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...

CVSS: 7.5, AI score: 7.1, EPSS: 0.01611
Exploits: 0, References: 4
NVD
added 2018/07/13 6:29 p.m., 21 views

CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...

CVSS: 7.5, AI score: 7.5, EPSS: 0.01611
Exploits: 0, References: 2
Cvelist
added 2018/07/13 6:00 p.m., 20 views

CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...

AI score: 7.5, EPSS: 0.01611
Exploits: 0, References: 2
CVE
added 2018/07/13 6:00 p.m., 74 views

CVE-2018-1000211

CVE-2018-1000211 affects Doorkeeper 4.2.0 and later. The vulnerability is an Incorrect Access Control in the Token revocation API’s authorized method, which can cause access tokens to remain valid for public OAuth apps until expiry, leaking access. The provided connected documents confirm the vul...

CVSS: 7.5, AI score: 7.4, EPSS: 0.01611
Exploits: 0, References: 2, Affected Software: 1
Debian CVE
added 2018/07/13 6:00 p.m., 14 views

CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...

CVSS: 7.5, AI score: 7.5, EPSS: 0.01611
Exploits: 0
FreeBSD
added 2018/07/13 12:00 a.m., 26 views

rubygem-doorkeeper -- token revocation vulnerability

NVD reports: Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...

CVSS: 7.5, AI score: 3.5, EPSS: 0.01611
Exploits: 0, References: 2
GitHub Security Blog
added 2018/07/12 7:52 p.m., 14 views

Malicious Package in eslint-scope

Version 3.7.2 of eslint-scope was published without authorization and was found to contain malicious code. This code would read the user's .npmrc file and send any found authentication tokens to 2 remote servers. Recommendation: The best course of action if you found this package installed in your...

AI score: 2.3
Exploits: 0, References: 5, Affected Software: 2
Node.js
added 2018/07/12 4:34 p.m., 525 views

Malicious Package

Overview: Version 5.0.2 of eslint-config-eslint was published without authorization and was found to contain malicious code. This code would read the user's .npmrc file and send any found authentication tokens to a remote server. Recommendation: The best course of action if you found this package...

AI score: 7.1
Exploits: 0, Affected Software: 1
RubySec
added 2018/07/11 12:00 a.m., 80 views

Doorkeeper gem does not revoke token for public clients

Any OAuth application that uses public/non-confidential authentication when interacting with Doorkeeper is unable to revoke its tokens when calling the revocation endpoint. A bug in the token revocation API would cause it to attempt to authenticate the public OAuth client as if it was a...

CVSS: 7.5, AI score: 1.5, EPSS: 0.01611
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2018/07/10 6:29 p.m., 2 views

CVE-2018-12461

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00488
Exploits: 0, References: 1
Prion
added 2018/07/10 6:29 p.m., 16 views

Design/Logic Flaw

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation...

CVSS: 5, AI score: 7.5, EPSS: 0.00488
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2018/07/10 6:29 p.m., 17 views

CVE-2018-12461

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation...

CVSS: 7.5, AI score: 5, EPSS: 0.00488
Exploits: 0, References: 1
Cvelist
added 2018/07/10 6:00 p.m., 18 views

CVE-2018-12461 Certificate Revocation Check failure

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation...

CVSS: 3.5, AI score: 7.5, EPSS: 0.00488
Exploits: 0, References: 1
CVE
added 2018/07/10 6:00 p.m., 44 views

CVE-2018-12461

CVE-2018-12461 affects NetIQ eDirectory prior to version 9.1.1 and concerns the certificate revocation check. The issue is described as a check failure in revocation processing; the fixed state implies upgrade to 9.1.1 or later as the mitigation. CVSS data present (v3 base score 7.5; HIGH) but th...

CVSS: 7.5, AI score: 5.6, EPSS: 0.00488
Exploits: 0, References: 1, Affected Software: 1
IBM Security Bulletins
added 2018/06/17 10:30 p.m., 28 views

Security Bulletin: IBM SmartCloud Orchestrator - Trustee token revocation does not work with memcache backend (CVE-2014-2237)

Summary: When a trustor issues a trust token with impersonation enabled, the token is only added to the trustor's token list and not to the trustee's token list. This scenario results in the trust token not being invalidated by the trustee's token revocation bulk revocation. It is most noticeable...

CVSS: 5, AI score: 0.3, EPSS: 0.01367
Exploits: 1, Affected Software: 1
OSV
added 2018/02/15 4:29 p.m., 2 views

CVE-2017-17302

Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. An authenticated, local attacker may craft and load some specific...

CVSS: 3.3, AI score: 5.8
Exploits: 0, References: 1
NVD
added 2018/02/15 4:29 p.m., 14 views

CVE-2017-17302

Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. An authenticated, local attacker may craft and load some specific...

CVSS: 3.3, AI score: 3.8, EPSS: 0.00138
Exploits: 0, References: 1
Hacker One
added 2018/01/29 4:09 p.m., 12 views

GitLab: Removing a user from a private group doesn't remove him from group's project, if his project's role was changed

Summary: a) rogue user is added to a private group with dozens of projects b) The role in some projects is changed for the rogue user c) rogue is fired, and removed from the group: he still has access to projects where his role was changed. Description: the b) can happen for a lot of different reasons:...

AI score: 7
Exploits: 0
OpenVAS
added 2018/01/28 12:00 a.m., 21 views

Debian: Security Advisory (DLA-977-1)

The remote host is missing an update for the Debian...

CVSS: 9.8, AI score: 8.8, EPSS: 0.03914
Exploits: 1, References: 3