Search CVE reports

1 – 6 of 6 results


CVE-2023-34246

High priority

Some fixes available (6 of 8)

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public...

2 affected packages

ruby-doorkeeper, ruby-doorkeeper-openid-connect

Package                         24.04 LTS     22.04 LTS     20.04 LTS     18.04 LTS     16.04 LTS
ruby-doorkeeper                 Not affected  Fixed         Fixed         Fixed         Fixed
ruby-doorkeeper-openid-connect  Not affected  Not affected  Not affected  Not affected  Not in release

CVE-2020-10187

Medium priority
Needs evaluation

Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and...

1 affected package

ruby-doorkeeper

Package          24.04 LTS         22.04 LTS         20.04 LTS         18.04 LTS         16.04 LTS
ruby-doorkeeper  Not affected      Not affected      Needs evaluation  Needs evaluation  Needs evaluation

CVE-2019-9837

Medium priority
Fixed

Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with...

1 affected package

ruby-doorkeeper-openid-connect

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-doorkeeper-openid-connect Not affected Not in release
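The CVE-2019-9837 entry above describes an open redirect through the redirect_uri of an authorization request that ends in an error response. RFC 6749 section 4.1.2.1 requires that an authorization server never redirect the user-agent to a redirect_uri that is missing, malformed or not registered for the client; the error must be shown on the server's own page instead. The following is an added example of that decision logic, written for this page and not taken from Doorkeeper or Doorkeeper::OpenidConnect. The client registry, the client ids and the redirect URIs in it are constructed for the example.

```ruby
# Added example (not Doorkeeper code): deciding whether an authorization
# error may be delivered by redirect. The rule is the same for any
# authorization-request error, not only the OpenID Connect case.
require "uri"

# Hypothetical registered clients: client_id => exact redirect URIs.
REGISTERED_CLIENTS = {
  "web-app" => ["https://app.example.com/callback", "https://app.example.com/alt"],
  "pub-cli" => ["http://127.0.0.1/cb"],
}.freeze

# Exact-string match against the registered list. Prefix or wildcard
# matching would reopen the redirect problem this check is meant to close.
def registered_redirect?(client_id, redirect_uri)
  uris = REGISTERED_CLIENTS[client_id]
  return false if uris.nil? || redirect_uri.nil? || redirect_uri.empty?
  parsed = URI.parse(redirect_uri)
  return false unless parsed.is_a?(URI::HTTP)  # http/https only (URI::HTTPS < URI::HTTP)
  return false if parsed.fragment               # RFC 6749 3.1.2: no fragment component
  uris.include?(redirect_uri)
rescue URI::InvalidURIError
  false
end

# Deliver an authorization error.
# Returns [:redirect, url] only when redirect_uri is registered for the
# client, otherwise [:render, error] so the error is shown on our own page
# and the browser is never sent to an attacker-chosen location.
def error_response(client_id, redirect_uri, error, state: nil)
  return [:render, error] unless registered_redirect?(client_id, redirect_uri)

  uri = URI.parse(redirect_uri)
  params = { "error" => error }
  params["state"] = state if state          # echo state so the client can correlate
  existing = uri.query ? [uri.query] : []
  uri.query = (existing + [URI.encode_www_form(params)]).join("&")
  [:redirect, uri.to_s]
end
```

The vulnerable pattern is the inverse: building the error redirect from the request's redirect_uri before (or without) checking it against the client's registration. Note also that the check runs on the raw string, so a registered URI with an added fragment, a different scheme, or a different host does not match.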

CVE-2018-1000211

Medium priority
Needs evaluation

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the token revocation API's authorized method: access tokens are not revoked for public OAuth apps, leaking access until expiry.

1 affected package

ruby-doorkeeper

Package          24.04 LTS         22.04 LTS         20.04 LTS         18.04 LTS         16.04 LTS
ruby-doorkeeper  Not affected      Not affected      Not affected      Needs evaluation  Needs evaluation

CVE-2018-1000088

Medium priority
Vulnerable

Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in the web view's OAuth app form and user authorization prompt web view that can result in stored XSS: the OAuth client's name will cause users...

1 affected package

ruby-doorkeeper

Package          24.04 LTS     22.04 LTS     20.04 LTS     18.04 LTS     16.04 LTS
ruby-doorkeeper  Not affected  Not affected  Not affected  Not affected  Vulnerable

CVE-2016-6582

Medium priority
Vulnerable

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.

1 affected package

ruby-doorkeeper

Package          24.04 LTS     22.04 LTS     20.04 LTS     18.04 LTS     16.04 LTS
ruby-doorkeeper  Not affected  Not affected  Not affected  Not affected  Vulnerable
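Two of the entries above, CVE-2016-6582 and CVE-2018-1000211, concern the token revocation endpoint: the first because the OAuth 2.0 Token Revocation specification (RFC 7009) was not implemented, the second because the endpoint's authorization check left tokens of public apps unrevokable. RFC 7009 section 2.1 requires the server to authenticate a confidential client with its credentials, to accept a public client (which has no secret) on its client_id, and in both cases to revoke only a token that was issued to the requesting client. The following is an added example of that check, written for this page and not taken from Doorkeeper; the client and token records, their ids and the secret are constructed in-memory stand-ins.

```ruby
# Added example (not Doorkeeper code): the authorization check a RFC 7009
# token revocation endpoint needs. Three cases: confidential client with a
# secret, public client with no secret, and a token owned by someone else.

Client = Struct.new(:id, :secret, :confidential, keyword_init: true)
Token  = Struct.new(:value, :client_id, :revoked, keyword_init: true)

# Hypothetical registry: one confidential and one public client.
CLIENTS = {
  "conf-app" => Client.new(id: "conf-app", secret: "s3cret", confidential: true),
  "pub-spa"  => Client.new(id: "pub-spa",  secret: nil,      confidential: false),
}.freeze

# Hypothetical issued tokens, one per client.
TOKENS = {
  "tok-conf" => Token.new(value: "tok-conf", client_id: "conf-app", revoked: false),
  "tok-pub"  => Token.new(value: "tok-pub",  client_id: "pub-spa",  revoked: false),
}

# Constant-time comparison so secret checking does not leak by timing.
def secure_equal?(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Authenticate the caller of the revocation endpoint.
# Returns the Client if the presented credentials are acceptable, else nil.
def authenticate_revocation_client(client_id, client_secret)
  client = CLIENTS[client_id]
  return nil unless client
  if client.confidential
    secure_equal?(client.secret, client_secret) ? client : nil
  else
    # Public client: there is no secret to verify. Rejecting it here is the
    # failure mode CVE-2018-1000211 describes (its tokens are never revoked).
    # Accepting the client_id alone is safe because token ownership is
    # checked separately below.
    client
  end
end

# Revoke a token on behalf of a client. Returns a symbol for the audit log:
#   :invalid_client - caller could not be authenticated (HTTP 401)
#   :ignored        - unknown token, or a token not issued to this client
#                     (treated alike so the endpoint is not a token oracle)
#   :revoked        - token belonged to the caller and is now revoked
def revoke_token(client_id:, client_secret:, token:)
  client = authenticate_revocation_client(client_id, client_secret)
  return :invalid_client unless client
  record = TOKENS[token]
  return :ignored unless record
  return :ignored unless record.client_id == client.id   # not your token: no-op
  record.revoked = true
  :revoked
end
```

The ownership comparison in revoke_token is the part CVE-2016-6582 is about: without it, anyone able to reach the endpoint can revoke arbitrary tokens. The public-client branch in authenticate_revocation_client is the part CVE-2018-1000211 is about: an endpoint that demands a secret from every caller silently leaves public apps' tokens alive until they expire.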
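The listing above gives each CVE's affected version range for the upstream gems, while the per-release tables give the status of the Ubuntu packages. An application that pins the gems through Bundler rather than using the distribution packages needs to compare its own pinned versions against those ranges. The following is an added example of that check, written for this page; it is not a tool from Ubuntu or from Doorkeeper. The ranges are transcribed from the six descriptions as they appear on this page; the Gemfile.lock text is constructed. Two descriptions ("5.0.0 and later", "4.2.0 and later") state no fixed version, so those ranges are encoded as open-ended, and a hit on them means "check the advisory", not "known vulnerable".

```ruby
# Added example (not Ubuntu or Doorkeeper code): match the doorkeeper and
# doorkeeper-openid-connect versions pinned in a Gemfile.lock against the
# affected ranges listed on this page.
require "rubygems"  # Gem::Version and Gem::Requirement ship with Ruby

# CVE id => [gem name, affected range as stated in the CVE description above]
AFFECTED = {
  "CVE-2023-34246"   => ["doorkeeper",                Gem::Requirement.new("< 5.6.6")],
  "CVE-2020-10187"   => ["doorkeeper",                Gem::Requirement.new(">= 5.0.0")],        # open-ended on this page
  "CVE-2019-9837"    => ["doorkeeper-openid-connect", Gem::Requirement.new(">= 1.4.0", "< 1.5.4")],
  "CVE-2018-1000211" => ["doorkeeper",                Gem::Requirement.new(">= 4.2.0")],        # open-ended on this page
  "CVE-2018-1000088" => ["doorkeeper",                Gem::Requirement.new(">= 2.1.0", "<= 4.2.5")],
  "CVE-2016-6582"    => ["doorkeeper",                Gem::Requirement.new("< 4.2.0")],
}.freeze

# Extract "name (version)" pairs from the specs section of a Gemfile.lock.
# Resolved gems sit at exactly four spaces of indent; their dependency lines
# are indented further and carry requirements, not pinned versions.
def locked_versions(lockfile_text)
  versions = {}
  lockfile_text.each_line do |line|
    m = /\A {4}(\S+) \(([^)]+)\)\s*\z/.match(line)
    versions[m[1]] = Gem::Version.new(m[2]) if m
  end
  versions
end

# CVE ids whose affected range contains the locked version of its gem,
# in the order the entries appear on this page.
def matching_cves(lockfile_text)
  versions = locked_versions(lockfile_text)
  AFFECTED.select { |_, (gem, req)| versions[gem] && req.satisfied_by?(versions[gem]) }.keys
end

# Constructed sample lockfile (not from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      doorkeeper (5.6.5)
        railties (>= 5)
      doorkeeper-openid-connect (1.5.3)
        doorkeeper (>= 5.2, < 5.7)
        jwt (>= 2.5)
      jwt (2.7.1)
      railties (7.0.8)

  PLATFORMS
    ruby

  DEPENDENCIES
    doorkeeper
    doorkeeper-openid-connect
LOCK

if __FILE__ == $PROGRAM_NAME
  pinned = locked_versions(SAMPLE_LOCK)
  matching_cves(SAMPLE_LOCK).each do |cve|
    gem = AFFECTED[cve][0]
    puts "#{cve}: #{gem} #{pinned[gem]} is inside the affected range"
  end
end
```

Run it against a real lockfile with `matching_cves(File.read("Gemfile.lock"))`. The regex deliberately ignores the DEPENDENCIES section and nested dependency lines, since only the four-space spec lines carry the resolved version; a lockfile with several `GEM` blocks (multiple sources) still parses because the indentation rule is the same in each.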