PT-2018-9379 · Doorkeeper · Doorkeeper

F3Ndot

Published

2018-07-13

Updated

2019-10-03

CVE-2018-1000211

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Doorkeeper versions 4.2.0 and later

Description The issue is related to an Incorrect Access Control vulnerability in the Token revocation API's authorized method. This can result in access tokens not being revoked for public OAuth apps, leading to access leaks until the tokens expire.

Recommendations For Doorkeeper versions 4.2.0 and later, update to a version that includes a fix for the Token revocation API's authorized method to ensure access tokens are properly revoked for public OAuth apps.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2018-1000211

GHSA-694M-JHR9-PF77

Affected Products

Doorkeeper

PT-2018-9379 · Doorkeeper · Doorkeeper

CVE-2018-1000211

Weakness Enumeration

Related Identifiers

Affected Products

References · 12