CVE-2016-6582

Sažetak

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.

Reference

http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html
http://seclists.org/fulldisclosure/2016/Aug/105
http://www.securityfocus.com/archive/1/539268/100/0/threaded
http://www.securityfocus.com/bid/92551
https://github.com/doorkeeper-gem/doorkeeper/issues/875
https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

09-10-2018 - 20:00

Objavljeno

23-01-2017 - 21:59