Skip to main content

Doorkeeper

6 CVEs product

Monthly

CVE-2023-34246 Ruby MEDIUM POC PATCH This Month

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Doorkeeper
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-10187 Ruby HIGH PATCH This Week

Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Doorkeeper
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-1000211 Ruby HIGH PATCH This Week

Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Doorkeeper
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-1000088 Ruby MEDIUM PATCH This Month

Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Doorkeeper
NVD GitHub
CVSS 3.0
6.1
EPSS
1.5%
CVE-2016-6582 Ruby CRITICAL PATCH Act Now

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Doorkeeper
NVD GitHub VulDB
CVSS 3.0
9.1
EPSS
0.6%
CVE-2014-8144 Ruby MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Doorkeeper
NVD GitHub
CVSS 2.0
6.8
EPSS
0.1%
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Doorkeeper
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Doorkeeper
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Doorkeeper
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Doorkeeper
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Doorkeeper
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Doorkeeper
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy