Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6.
Metrics
Affected Vendors & Products
References
History
Mon, 09 Dec 2024 05:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-06-12T16:33:05.704Z
Updated: 2024-12-09T05:03:22.873Z
Reserved: 2023-05-31T13:51:51.173Z
Link: CVE-2023-34246
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-06-12T17:15:09.967
Modified: 2024-12-09T05:15:04.823
Link: CVE-2023-34246
Redhat
No data.