exploitDog

CVE-2018-1000211

Published: 13 Jul 2018
Source: debian
EPSS: Low

Description

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| ruby-doorkeeper | fixed | 4.4.2-1 | | package |
| ruby-doorkeeper | ignored | | stretch | package |

Notes

  • https://github.com/doorkeeper-gem/doorkeeper/issues/891

  • https://github.com/doorkeeper-gem/doorkeeper/pull/1119

  • https://github.com/doorkeeper-gem/doorkeeper/commit/16e76e666b63e0e5e2704dd45b59e426190ddc78 (v4.4.0)

  • Requires changes in the reverse dependencies

EPSS

Percentile: 50%
0.00265
Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 7 years ago

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry.

CVSS3: 7.5
nvd
more than 7 years ago

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry.

CVSS3: 7.5
github
more than 7 years ago

Doorkeeper subject to Incorrect Permission Assignment
