Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-vv4c-g6q7-p3q7

Опубликовано: 25 мар. 2019
Источник: github
Github: Прошло ревью
CVSS3: 6.1

Описание

Doorkeeper-openid_connect contains Open Redirect

Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow.

Ссылки

Пакеты

Наименование

doorkeeper-openid_connect

rubygems
Затронутые версииВерсия исправления

>= 1.4.0, < 1.5.4

1.5.4

EPSS

Процентиль: 50%
0.00271
Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2019-9837

Дефекты

CWE-601

Связанные уязвимости

ubuntu логотип

CVE-2019-9837

CVSS3: 6.1
ubuntu
почти 7 лет назад

Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow.

nvd логотип

CVE-2019-9837

CVSS3: 6.1
nvd
почти 7 лет назад

Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow.

debian логотип

CVE-2019-9837

CVSS3: 6.1
debian
почти 7 лет назад

Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorke ...

EPSS

Процентиль: 50%
0.00271
Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2019-9837

Дефекты

CWE-601