exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2020-10187

почти 6 лет назад

Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled.

CVSS3: 7.5

EPSS: Низкий

CVE-2020-10187

почти 6 лет назад

Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled.

CVSS3: 7.5

EPSS: Низкий

CVE-2020-10187

почти 6 лет назад

Doorkeeper version 5.0.0 and later contains an information disclosure ...

CVSS3: 7.5

EPSS: Низкий

GHSA-j7vx-8mqj-cqp9

почти 6 лет назад

Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2020-10187 Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled.	CVSS3: 7.5	0% Низкий	почти 6 лет назад
CVE-2020-10187 Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled.	CVSS3: 7.5	0% Низкий	почти 6 лет назад
CVE-2020-10187 Doorkeeper version 5.0.0 and later contains an information disclosure ...	CVSS3: 7.5	0% Низкий	почти 6 лет назад
GHSA-j7vx-8mqj-cqp9 Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper	CVSS3: 7.5	0% Низкий	почти 6 лет назад

Уязвимостей на страницу