PT-2019-19886 · Doorkeeper · Doorkeeper::Openidconnect

Rschultheis

Published

2019-03-15

Updated

2019-03-27

CVE-2019-9837

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Doorkeeper::OpenidConnect versions 1.4.x through 1.5.3

Description The issue allows for an open redirect via the redirect uri field in an OAuth authorization request, resulting in an error response when the 'openid' scope and a prompt=none value are used. This can be exploited for phishing attacks against the authorization flow.

Recommendations For versions 1.4.x through 1.5.3, consider restricting the use of the redirect uri field in OAuth authorization requests with the 'openid' scope and a prompt=none value to prevent open redirects. As a temporary workaround, restrict access to the authorization flow to minimize the risk of phishing attacks until a patch is available.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2019-9837

GHSA-VV4C-G6Q7-P3Q7

Affected Products

Doorkeeper::Openidconnect

PT-2019-19886 · Doorkeeper · Doorkeeper::Openidconnect

CVE-2019-9837

Weakness Enumeration

Related Identifiers

Affected Products

References · 9