6 matches found
GHSA-7MQR-2V3Q-V2WM Ory fosite contains Improper Handling of Exceptional Conditions
Impact The TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store...
Ory fosite contains Improper Handling of Exceptional Conditions
Impact The TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store...
CVE-2020-15223
In ORY Fosite the security first OAuth2 & OpenID Connect framework for Go before version 0.34.0, the TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can...
CVE-2020-15223
In ORY Fosite the security first OAuth2 & OpenID Connect framework for Go before version 0.34.0, the TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can...
Design/Logic Flaw
In ORY Fosite the security first OAuth2 & OpenID Connect framework for Go before version 0.34.0, the TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can...
CVE-2020-15223
CVE-2020-15223 affects ORY Fosite (Go) prior to 0.34.0, where TokenRevocationHandler ignores errors from storage. This can cause a revoked token to still appear valid, potentially producing 200 responses even when revocation failed, depending on the ability to trigger storage errors. The issue is...