CVE-2018-1000211
Description
Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.265
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2018-1000211 is fixed in Ruby-doorkeeper 4.4.0 | Windows |
| CVE-2018-1000211 is fixed in Ruby-doorkeeper for Linux 4.4.0 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234