HIGH 7.5 RubyGems
Doorkeeper subject to Incorrect Permission Assignment
GHSA-694m-jhr9-pf77 · CVE-2018-1000211
Description
Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the token revocation API's authorized method. As a result, access tokens are not revoked for public OAuth apps, leaking access until expiry.
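The following is an added example, not Doorkeeper's source code: a simplified model of a revocation endpoint with a regression check that lists tokens still usable after the endpoint has answered a revocation request. All class and method names are hypothetical, the sample apps and tokens are constructed, and the flawed rule (client authentication demanded for every token that belongs to an app) is an assumption of the model.

```ruby
# Simplified model written for this page; NOT Doorkeeper's source.
# All class and method names are hypothetical.
App   = Struct.new(:uid, :confidential)
Token = Struct.new(:value, :app, :revoked)

class RevocationEndpoint
  def initialize(tokens, strict_for_all_apps:)
    @tokens = tokens               # token value => Token
    @strict = strict_for_all_apps  # true models the flawed check (assumption)
  end

  # authenticated_app is nil when the caller sent no client credentials,
  # the normal case for a public client, which has no secret to send.
  def revoke(token_value, authenticated_app: nil)
    token = @tokens[token_value]
    token.revoked = true if token && authorized?(token, authenticated_app)
    200 # model assumption: always 200, so the status says nothing about success
  end

  private

  def authorized?(token, authenticated_app)
    needs_auth = @strict ? !token.app.nil? : token.app&.confidential
    return true unless needs_auth
    authenticated_app == token.app
  end
end

# Regression check: token values still active after revocation was requested.
def still_active_after_revoke(endpoint, tokens, requests)
  requests.each { |value, app| endpoint.revoke(value, authenticated_app: app) }
  tokens.values.reject(&:revoked).map(&:value)
end

def build_tokens
  spa = App.new("spa", false) # constructed sample: public app
  web = App.new("web", true)  # constructed sample: confidential app
  tokens = { "t-spa" => Token.new("t-spa", spa, false),
             "t-web" => Token.new("t-web", web, false) }
  [tokens, spa, web]
end

def run(strict)
  tokens, _spa, web = build_tokens
  endpoint = RevocationEndpoint.new(tokens, strict_for_all_apps: strict)
  still_active_after_revoke(endpoint, tokens, [["t-spa", nil], ["t-web", web]])
end

puts "flawed check leaves active:          #{run(true).inspect}"
puts "per-client-type check leaves active: #{run(false).inspect}"
```

A check of this shape belongs in an integration test suite: after any revocation call, assert that the token is rejected by a protected resource instead of trusting the response status.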