Description
Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry.

| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needs-triage |
| cosmic | ignored | end of life |
| devel | not-affected | 4.4.2-1 |
| disco | not-affected | 4.4.2-1 |
| eoan | not-affected | 4.4.2-1 |
| esm-apps/bionic | ignored | changes too intrusive |
| esm-apps/focal | not-affected | 4.4.2-1 |
| esm-apps/jammy | not-affected | 4.4.2-1 |
| esm-apps/noble | not-affected | 4.4.2-1 |
EPSS
CVSS2: 5 Medium
CVSS3: 7.5 High
Related vulnerabilities
Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry.
Doorkeeper version 4.2.0 and later contains an Incorrect Access Control ...
Doorkeeper subject to Incorrect Permission Assignment