FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rubygem-doorkeeper -- token revocation vulnerability

Affected packages
rubygem-doorkeeper < 4.4.0
rubygem-doorkeeper-rails5 < 4.4.0
rubygem-doorkeeper-rails50 < 4.4.0
rubygem-doorkeeper43 < 4.4.0

Details

VuXML ID e309a2c7-598b-4fa6-a398-bc72fbd1d167
Discovery 2018-07-13
Entry 2018-07-31
Modified 2018-08-03

NVD reports:

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens not being revoked for public OAuth apps, leaking access until expiry.

References

CVE Name CVE-2018-1000211
URL https://github.com/doorkeeper-gem/doorkeeper/pull/1120
URL https://nvd.nist.gov/vuln/detail/CVE-2018-1000211