Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled.
References
Link | Resource |
---|---|
https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6 | Patch Third Party Advisory |
https://github.com/doorkeeper-gem/doorkeeper/releases | Release Notes Third Party Advisory |
https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-j7vx-8mqj-cqp9 | Patch Third Party Advisory |
https://github.com/rubysec/ruby-advisory-db/pull/446 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-05-04T13:19:04
Updated: 2020-05-04T13:19:04
Reserved: 2020-03-06T00:00:00
Link: CVE-2020-10187
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-05-04T14:15:13.013
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-10187
JSON object: View
Redhat Information
No data.
CWE