PT-2018-9379 · Doorkeeper · Doorkeeper

F3Ndot

Publicado

2018-07-13

Atualizado

2019-10-03

CVE-2018-1000211

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Doorkeeper versions 4.2.0 and later

Description The issue is related to an Incorrect Access Control vulnerability in the Token revocation API's authorized method. This can result in access tokens not being revoked for public OAuth apps, leading to access leaks until the tokens expire.

Recommendations For Doorkeeper versions 4.2.0 and later, update to a version that includes a fix for the Token revocation API's authorized method to ensure access tokens are properly revoked for public OAuth apps.

Correção

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732

Identificadores relacionados

CVE-2018-1000211

GHSA-694M-JHR9-PF77

Produtos afetados

Doorkeeper

PT-2018-9379 · Doorkeeper · Doorkeeper

CVE-2018-1000211

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12