Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6.
History

Mon, 09 Dec 2024 05:30:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-06-12T16:33:05.704Z

Updated: 2024-12-09T05:03:22.873Z

Reserved: 2023-05-31T13:51:51.173Z

Link: CVE-2023-34246

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-06-12T17:15:09.967

Modified: 2024-12-09T05:15:04.823

Link: CVE-2023-34246

cve-icon Redhat

No data.