Описание
Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.2.0 (включая)
cpe:2.3:a:doorkeeper_project:doorkeeper:*:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00265
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-732
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 7 лет назад
Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry.
CVSS3: 7.5
debian
больше 7 лет назад
Doorkeeper version 4.2.0 and later contains a Incorrect Access Control ...
CVSS3: 7.5
github
больше 7 лет назад
Doorkeeper subject to Incorrect Permission Assignment
EPSS
Процентиль: 50%
0.00265
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-732